Business Fraud: What Are the Real Costs?

Fraud is a persistent thorn in the side of all businesses. Small businesses are especially vulnerable since they often lack the internal controls, staff and fraud prevention technologies of larger companies. However, cybercrime is a high-stakes risk small business owners can’t afford to take.

Small businesses are increasingly targets of cyberattacks.

Fraudsters are aware of the obstacles small companies face in protecting themselves against attacks. They also know how to exploit these companies’ weaknesses and do so often. According to the Identity Theft Resource Center (ITRC), cyberattacks against small businesses ratcheted up by just over 60% in the last two years.1 Even companies that hadn’t been previously affected weren’t safe. Of reported attacks last year, 43% were first-time.2

Unfortunately, cybercriminals are rewriting an old saying and changing it to: “If at first you succeed, try, try again.” With a successful initial attack, they’ll likely continue to target your business. Thirty-five percent of small businesses participating in the ITRC report were attacked twice, and others as many as four or more times.3

Why is small business fraud so popular among criminals? The answer is, for these bad actors, crime pays. The types of data stolen and its uses vary. Ultimately, though, small businesses end up picking up the tab for fraudsters’ illegal enterprises.

How much does fraud cost small businesses?

Fraud costs companies billions of dollars each year, and small businesses share heavily in those losses. For example, last year IBM reported that companies with fewer than 500 employees reported losses of $3.31 million due to data breaches.4 The costs of individual attacks at businesses varied, but most were $250,000 or more — some paid over $1 million. Forty-seven percent paid less than $250,000.

The final costs for all small business victims of data breaches included:

• Lost revenue and customers
• Legal fees
• Fines and penalties
• Insurance coverage
• Security improvements
• Marketing and other business expenses

Financial losses are alarming but, in many cases, are covered by cyber liability or business interruption insurance. However, there are other losses that are much more difficult to recoup – if at all. Consumers are worried about their data and how well companies protect their information. There are serious customer service implications for businesses that suffer data breaches. In fact, 32% of respondents in ITRC’s study said they encountered customers’ losing trust in them. Customers, however, aren’t the only ones businesses should be concerned about losing. An equal percentage of employees (32%) left companies after a breach.5

Cyberattacks are stressful incidents for companies, customers and employees. Relative to available resources, the impact of small business fraud can be greater than that of larger enterprises. So, it’s important to understand the risks and costs of fraud.

What is the most common small business fraud?

Fraudsters strategically plan their attacks, studying the targeted companies to learn which tactics will be most effective. According to Kaspersky, phishing, malware and ransomware are the most common attacks against small businesses.6

• Phishing

  This is a social engineering scam where criminals pretend to be reputable businesses or individuals to trick victims into giving them sensitive information. For example, you might receive a fake email, presumably from IT, which includes a link to change your password. Instead, you’ll be taken to a fraudulent page created to steal logins. This is just one example. You may also receive emails with fake invoices, document shares, or requests for payment. Emails aren’t the only means of social engineering. Fraudsters may also contact you via phone calls, postal mail, texts or even face-to-face meetings.

• Malware

  Worms, viruses and trojans are malicious software programmed to infect a computer — or several computers — and steal data without triggering a system alert. Fraudsters can use “backdoors” to access and control a computer, creating entire networks of infected computers.

• Ransomware

  With this malicious software, fraudsters steal and make data inaccessible until a business pays them a ransom. However, paying the demand doesn’t always resolve the problem. Some criminals don’t return the data and/or sell and distribute it or come back for a second ransom.

These aren’t the only types of fraud against small businesses. You should create a comprehensive plan to prevent cyberattacks.