AI Being Used to Scam Small Business Owners, Says Nationwide Survey
Just when employees have learned to ignore scammy texts and emails from the boss, along comes the next generation of impersonation using artificial intelligence.
Cybercriminals increasingly use generative AI, including voice calls and video, to scam businesses. And small businesses are even more vulnerable.
A new survey from Nationwide found one-quarter of small business owners have been targeted by AI-driven scams in the last year, including email voice or video impersonations of senior-level employees.
“As gen AI continues to transform various industries, its misuse in scams presents a significant challenge for small businesses with less resources for cyber defense than larger corporations, making them easier targets for cybercriminals,” said Nathan Lentz, vice president of small commercial sales and distribution for Nationwide.
Are these scams working? Well, 52% of owners admit to being personally duped by deepfake images or videos in the past year.
While 90% of those surveyed want more support to protect against increasingly sophisticated attacks, only 42% of small business owners (SBOs) report having cyber insurance coverage, maybe because those charged with protecting small businesses from IT attacks underestimate the cost and time needed to recover from a breach. While 65% believe recovery costs would be $5,000 or less, the average cyber claim for a small business can cost between $18,000 and $21,000, Nationwide said.
While 20% of business owners think they would recover in under a month, it typically takes 75 days—over two months. Business owners may also misunderstand insurance coverages, with 66% believing non-cyber insurance would cover losses from an attack. The same percentage of SBOs are confident in their business’s ability to recover from an attack.
“While small business owners feel prepared to prevent a cyberattack, they must ensure their preparedness is backed by comprehensive cyber insurance to truly safeguard their operations,” Lentz said. “Without it, they face potentially devastating consequences to their finances, operations, and customer relationships.”
An increasing number of business owners are worried about a potential cyberattack—69% in the latest survey, up 16 points from 2022 and 31 points from June 2020.
With awareness increasing, two-thirds of SBOs feel prepared for preventing such an attack, with 71% providing formal cybersecurity training for employees at least once a year, a 15-point jump from 2022. While 69% reported having an incident response plan in place, 28% admitted that their plan is outdated, Nationwide said.
Agents can play a critical role in educating clients about the proactive steps they can take to protect their business from cyber attacks, including improving digital infrastructure and reviewing cyber coverages, Lentz said.
“Our research shows that three-quarters of agents (73%) say their commercial clients consider or purchase cyber insurance because they were either a victim to an attack or witnessed a similar business become a victim,” he said. “As cyber threats continue to evolve, agents should encourage business owners to take proactive steps to protect their companies. Investing in the right insurance policies can not only mitigate the risks posed by cyberattacks but also ensure that recovery, when necessary, is faster, less costly and more efficient.”