Generative AI scams affect 25% of small businesses, nationwide survey finds

Small business owners in the U.S. are increasingly concerned about the risk of cyberattacks that could disrupt their operations, according to a new survey by Nationwide.

The survey revealed that around 25% of small business owners (SMBs) fell victim to generative AI-related scams over the past year. Most of these scams were described as fraud attempts involving impersonations of colleagues or senior employees via email, voice or video.

More than half of small and medium-sized businesses admitted to being tricked by a deepfake image or video in the past year, and 90% of respondents believe that generative AI scams are becoming more sophisticated. Many business owners expressed the need for help protecting their companies from these ever-evolving cyberthreats.

Despite this, less than half of small and medium-sized businesses have the necessary cyber insurance coverage, although many indicated that the increasing risks make them more inclined to consider purchasing such protection.

Nathan Lentz (pictured above), vice president of small business sales and distribution at Nationwide, noted that while small businesses may be more vulnerable to cyberattacks because they have fewer cybersecurity resources compared to larger corporations, many SBOs feel prepared to prevent such incidents.

“While small business owners feel prepared to prevent a cyberattack, they must ensure their preparedness is backed by comprehensive cyber insurance to truly protect their operations. Without it, they face potentially devastating consequences for their finances, operations and customer relationships,” Lentz said.

The survey also found that many small business owners have taken steps to improve their cybersecurity, especially since the COVID-19 pandemic, which some saw as a tipping point for the emergence of new cyber risks. Some 69% of respondents expressed concern about a potential cyberattack on their business, up 16 points from 2022 and a jump of 31 points since June 2020.

At the same time, 65% of small and medium-sized businesses said they feel prepared to prevent an attack, a 17-point improvement from last year. This confidence may be due to the steps they are taking to educate their employees, with 71% of business owners now offering formal cybersecurity training to staff at least once a year. Additionally, 36% of businesses conduct phishing tests on their employees every few months to help maintain awareness of cyber threats.

Despite these efforts, nearly a quarter of small and medium-sized businesses reported being victims of a cyberattack, with many saying this had a significant impact on their finances and customer trust. Business owners also appear to underestimate the costs and time associated with recovering from a cyberattack.

Four in five (81%) of small and medium-sized businesses believed that an attack on their business would cost less than $5,000 in damages, and 22% thought they would be back to business within a month. However, Nationwide claims data shows that the average cost of a cyber claim for a small business is between $18,000 and $21,000, with recovery times extending up to 75 days.

There is also a disconnect between business owners’ confidence in their ability to recover from a cyberattack and the steps they have taken to protect themselves. While 66% of small business owners expressed confidence in their ability to recover from an attack, only 42% have purchased cyber insurance.

Additionally, two-thirds of respondents said they expect their non-cyber insurance to cover losses from cyberattacks or that they have not considered how they would respond to an attack. While 69% of small and medium-sized businesses reported having an incident response plan, 28% acknowledged that their plan is outdated.

Nationwide is advising agents to advise customers on the importance of proactive cybersecurity measures and the need for up-to-date response plans and cyber insurance coverage.

While small businesses can take steps to reduce their risk of cyberattacks, no preventative measures are foolproof, so having the right insurance coverage and response plans in place is essential to minimise financial losses and operational disruptions.

Lentz noted that many business owners consider or purchase cyber insurance only after they or a similar business has suffered an attack.

“As cyber threats continue to evolve, agents should encourage business owners to take proactive steps to protect their companies. Investing in the right insurance policies can not only mitigate the risks posed by cyberattacks, but also ensure that recovery, when necessary, is faster, less costly and more efficient,” he said.

What do you think about this story? Feel free to share your comments below.