Generative AI scams hit 25% of small businesses, Nationwide survey shows

Generative AI scams hit 25% of small businesses, Nationwide survey shows | Insurance Business America

Cyber

Generative AI scams hit 25% of small businesses, Nationwide survey shows

As cyber threats grow, many SBOs lack cyber insurance

Small business owners in the US are growing increasingly concerned about the risk of cyberattacks that could disrupt their operations, according to a new survey from Nationwide.

The survey revealed that around 25% of small business owners (SBOs) have been targeted by scams involving generative AI over the past year. Most of these scams were described as attempted fraud through email, voice, or video impersonations of colleagues or senior employees.

More than half of SBOs admitted to being deceived by a deepfake image or video in the past year, and 90% of respondents believe that generative AI scams are becoming more sophisticated. Many business owners expressed a need for help in safeguarding their enterprises from these evolving cyber threats.

Despite this, less than half of SBOs have the necessary cyber insurance coverage, although many indicated that the growing risks make them more inclined to consider purchasing such protection.

Nathan Lentz (pictured above), vice president of small commercial sales and distribution for Nationwide, pointed out that while small businesses may be more vulnerable to cyberattacks due to fewer cybersecurity resources compared to larger corporations, many SBOs feel prepared to prevent such incidents.

“While small business owners feel prepared to prevent a cyberattack, they must ensure their preparedness is backed by comprehensive cyber insurance to truly safeguard their operations. Without it, they face potentially devastating consequences to their finances, operations, and customer relationships,” Lentz said.

The survey also found that many small business owners have taken steps to improve their cybersecurity, especially since the COVID-19 pandemic, which was seen by some as a turning point for new cyber risks. About 69% of respondents expressed concern about a potential cyberattack on their business, an increase of 16 points from 2022 and a 31-point jump since June 2020.

At the same time, 65% of SBOs said they feel prepared to prevent an attack, a 17-point improvement from last year. This confidence may stem from the steps they are taking to educate their employees, as 71% of business owners now provide formal cybersecurity training for staff at least once a year. In addition, 36% of businesses conduct phishing tests on their employees every few months to help maintain awareness of cyber threats.

Despite these efforts, nearly a quarter of SBOs reported falling victim to a cyberattack, with many saying it had a significant impact on their finances and customer trust. Business owners also appear to underestimate the costs and time associated with recovering from a cyberattack.

Four in five (81%) of SBOs believed an attack on their business would cost less than $5,000 in damages, and 22% thought they would be back to normal operations within a month. However, Nationwide’s claims data shows that the average cost of a cyber claim for a small business is between $18,000 and $21,000, with recovery times stretching up to 75 days.

There is also a disconnect between business owners’ confidence in their ability to recover from a cyberattack and the actions they have taken to protect themselves. While 66% of SBOs expressed confidence in their ability to recover from an attack, only 42% have purchased cyber insurance.

Additionally, two-thirds of respondents said they either expect their non-cyber insurance to cover cyberattack losses or have not considered how they would respond to an attack. Although 69% of SBOs reported having an incident response plan in place, 28% acknowledged that their plan is outdated.

Nationwide is advising agents to counsel clients on the importance of proactive cybersecurity measures and the need for up-to-date response plans and cyber insurance coverage.

While small businesses can take steps to reduce their risk of cyberattacks, no preventive measures are foolproof, making it essential to have the right insurance coverage and response plans in place to minimize financial losses and operational disruptions.

Lentz noted that many business owners consider or purchase cyber insurance only after they or a similar business have experienced an attack.

“As cyber threats continue to evolve, agents should encourage business owners to take proactive steps to protect their companies. Investing in the right insurance policies can not only mitigate the risks posed by cyberattacks but also ensure that recovery, when necessary, is faster, less costly, and more efficient,” he said.

What are your thoughts on this story? Please feel free to share your comments below.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!