Commercial Insurance
Cybercrimes Against Small Businesses Drop, but Challenges Remain
Most insurance questions do not begin with policy language. They begin with a practical moment: something changed, a risk became easier to see, or a coverage question started to feel more expensive than it used to. This article is for the point where you are trying to understand business insurance before renewal, a contract requirement, a certificate request, or a claim changes the conversation. The useful move is not to memorize every policy term. It is to name the situation clearly enough that you can ask better questions, compare the right details, and avoid making a decision from pressure or guesswork.
Short answer
Cybercrimes Against Small Businesses Drop, but Challenges Remain is best understood as a decision guide: use it to identify the main coverage issue, the likely blind spot, and the next question to ask before you rely on a policy, quote, or renewal assumption.
Reader checkpoint
Before you act on this topic, ask these three questions.
- What changed in the business, contract, property, equipment, payroll, or operations since the last policy review?
- Which loss would be hardest for the business to absorb without a coverage response?
- Is this issue handled by the current policy, an endorsement, a separate policy, or a better documentation process?
Quick answer
What this article is mainly about
Small businesses and self-employed people saw fewer cyberattacks and data breaches over the previous 12 months. Still, significant risks remain … The practical takeaway is to use the article as a starting point for a clearer coverage conversation, not as a guarantee that every policy or claim will be handled the same way.
At a glance
What to identify before the next decision
Main issue
business insurance decision clarity
Common blind spot
Business changes that outgrow last year's policy assumptions
Useful document
Current policy, certificates, contracts, payroll or sales estimates, and claim records
Best next step
Commercial Renewal Readiness Score
How to think through business insurance
Small businesses and self-employed people saw fewer cyberattacks and data breaches over the previous 12 months. Still, significant risks remain for this corner of the economy, according to the Identity Theft Resource Center’s (ITRC) 2022 Business Impact Report . ITRC recently surveyed 450 people who led small businesses or were self-employed about their experiences with cybercrime. They found that 45% of respondents experienced a security or data breach between July 2021 and 2022, a drop from 58% from the previous year. They also incurred lower costs in addressing a breach. More businesses reported losing less than $250,000, while fewer reported losing between $250,000 and $1 million.
“While any reduction in the impact of a cybercrime on a small business or individual is welcome and significant, it’s also too early to tell if the improvements reflected here are medium or long-term trends or simply unique to the current environment,” wrote ITRC. Cybercriminals most frequently targeted customer and employee data, with roughly half of respondents reporting compromises of both data types. Just over one-quarter reported a compromise of company intellectual property. External threat actors were the most common root cause of data breaches, followed by compromises from remote workers, malicious insiders, compromises from third-party vendors, and human error. ITRC noted social media continued to be a pain point for many respondents.
Important details to compare
Half of the survey respondents reported cybercriminals taking over their social media accounts, and nearly 90% of impacted companies said they lost revenue as a result. It also uncovered what it considers a worrisome trend in cybersecurity training. Half of the survey respondents reported cybercriminals taking over their social media accounts, and nearly 90% of impacted companies said they lost revenue as a result. Mistakenly sharing account credentials with someone pretending to be a friend or customer or phishing attacks were the most common causes of account takeovers. Respondents said they are increasing investment in new security tools, IT staff, and IT staff training, but are spending less on overall staff cybersecurity training.
“Given the volume and velocity of these attacks, now is not the time to reduce the training opportunities for non-IT employees,” ITRC wrote. “Yet, that is exactly the trend described by the small business leaders whose experiences are described here. ”
Defined Q&A
Cybercrimes Against Small Businesses Drop, but Challenges Remain: common questions
What should I check first for business insurance?
Start with the declarations page and the specific change or risk that made you look up the topic. Coverage conversations get clearer when the question is tied to a real property, vehicle, operation, contract, claim, or renewal decision.
Does this article mean I need a different policy?
Not necessarily. It means the issue is worth checking before you assume the current policy handles it the way you expect. Sometimes the answer is an endorsement, documentation, a different limit, a separate policy, or no change at all.
When should I ask an agent to review this?
Ask before a deadline, renewal, contract requirement, major purchase, property change, business change, or claim decision. A short review is usually easier than trying to fix a coverage assumption after the fact.
The value of this article is not that it turns you into an insurance technician. The value is that it gives you a cleaner way to look at business insurance before the decision becomes rushed. A better question asked early can prevent a frustrating answer later.
If one part of this topic felt familiar, start there. Pull your policy, contracts, certificates, payroll or sales estimates, and recent operational changes, then compare that real-world detail against the coverage question raised above. One clearly understood item is worth more than a full policy read done under pressure.