Cybercrime / Cyberattack
What Is a Cybercrime (aka Cyberattack)?
A cybercrime — or cyberattack — is any attempt to break into, misuse, or disrupt your digital systems to steal data or money, demand payment, or damage your operations. Common tactics include:
- Phishing
- Ransomware
- Business email compromise
In small business insurance terms, it’s the covered event that can trigger cyber liability insurance protections like data breach responses, system restoration, and legal defense.
Are Small Businesses Really at Risk from Cybercrimes?
Yes, small businesses actually account for significantly higher rates of data breaches and ransomware attacks than large companies.
- Data breaches: Small businesses with less than 1,000 employees accounted for 3,049 incidents vs. 982 incidents at large firms
- Ransomware attacks: Ransomware was involved in 88% of small/mid-size business breaches vs. 39% at large organizations
The financial impact to a small business from even one cyberattack can be devastating. Here’s what’s at risk:
- Direct financial loss: Fake invoices, wire fraud, or stolen funds
- Ransom/extortion: Payment demands to unlock systems or stop data leaks
- Business interruption: Downtime that halts sales, bookings, or service delivery
- Data breach costs: Forensics, customer notification, credit monitoring, public relations (PR)
- Legal and regulatory exposure: Lawsuits, penalties (e.g., privacy/payment card industry or PCI violations)
- Customer/client fallout: Breach of contract, lost deals, or chargebacks after an incident
- Reputational damage: Lost trust, bad reviews, churned customers
- Intellectual property (IP) and proprietary/confidential info theft: Pricing, designs, or client lists stolen
- Hardware/software damage (“bricking”): Infected devices or corrupted systems
- Payment fraud/card-not-present (CNP) skimming: Stolen card data from ecommerce or point of sale (POS)
- Third-party/vendor dependency risk: Your cloud or payment provider is hit, and now you’re down too
- Recovery overhead: Password resets, rebuilds, overtime, and future security spend
You don’t have to go it alone! Cyber liability insurance is designed specifically to help cover the costs associated with first- and third-party liabilities stemming from the above.
What Types of Cyberattacks Do Small Businesses Face?
Some of the most common cyberattacks small businesses face include:
- Phishing scams: Fake emails and/or text messages tricking staff into clicking links or sharing passwords
- Business Email Compromise (BEC): Criminals hijack or spoof a work email to reroute payments or invoices
- Ransomware: Malware locks your files and/or systems and demands payment to restore access
- Credential stuffing/brute-force: Stolen or weak passwords are used to break into accounts
- Malware/spyware: Malicious software installed via attachments, downloads, or ads to steal data or control devices
- Social engineering/invoice fraud: Imposters pose as vendors, bosses, or Information Technology (IT) to get wire transfers or gift cards
- Account takeover (ATO): Criminals seize logins for bank, payroll, or ecommerce portals to move money or steal data
- Data breaches/data exposure/misconfiguration: Leaky cloud storage, lost laptops, or poor settings expose customer info
- Payment skimming/CNP fraud: Card-not-present or web skimmers steal customer payment data
- DDoS (Distributed Denial of Service) disruption: Flooding your site or app with traffic that slows it down to the point that customers can’t access or use it
If your small business does any of the following, adding cyber liability insurance to your small business insurance plan is a must:
- Stores client information online
- Processes payments online
- Sends or receives personal or financial info via email or text
- Has a website that collects leads
- Sells online or performs other critical business activities online
How Can Small Businesses Prevent Cybercrimes/Cyberattacks?
Cyber liability insurance offers a financial safety net if you’re the victim of a cybercrime, but you can prevent these incidents through employee training, password managers, multi-factor authentication, and more.
Swipe →
| Must-Haves | Nice-to-Haves | Quick Response Plan |
|---|---|---|
|
|
|
Pro Tip: Phishing, weak passwords, and unpatched software cause the most cyber liability incidents. Don’t wait to implement security measures until it’s too late!
Note: The information provided here is educational; it’s not legal, tax, or insurance advice. Cyber events and coverage triggers vary depending on the policy wording and applicable law. If you suspect an incident, follow your incident response plan and contact your insurance company. For advice tailored to your business, review your policy and consult your insurance provider or attorney.
Additional Resources
- Cyber Liability Insurance (aka Data Breach Insurance)
Related Terms
Get tailored coverage by selecting your industry below.