At a Glance: Cybercrime targeting small businesses is rising, especially through phishing and social engineering scams.
Cyber liability insurance and crime coverage
help protect sensitive data, finances, and reputation from today’s most common cyber incidents and AI-driven fraud.
The New Face of Cybercrime
Cybercrime isn’t limited to large corporations or government agencies anymore. Increasingly, small and mid-sized businesses are the targets of sophisticated social engineering scams: cyberattacks that trick employees into sharing sensitive data or transferring funds.
With the rise of AI-generated phishing emails, spoofed vendor invoices, and fraudulent payment requests, the stakes have never been higher. For businesses operating with remote or hybrid workforces, the risks multiply. Distributed teams rely heavily on email, cloud storage, and third-party vendors, creating more entry points for cybercriminals.
That’s why technology insurance—particularly cyber liability insurance and crime coverage—has become a must-have for small business owners.
What Is Cybercrime, and Why Is It Growing?
At its core, cybercrime refers to any criminal activity carried out through digital systems, networks, or the internet. For small businesses, the most common threats include:
Phishing emails: Messages that impersonate trusted sources to steal login credentials or payment details.
Spoofing: Fake websites, email addresses, or phone numbers designed to trick employees into sharing sensitive data.
Invoice fraud: Fraudsters impersonate vendors or executives to trick employees into wiring money to the wrong account.
AI-driven scams: Artificial intelligence now enables attackers to create hyper-realistic emails, voice recordings, and even “deepfake” video instructions that fool unsuspecting staff.
Even the most cautious employee can fall victim to a well-crafted scam, which is why insurance protection is so critical.
Cybercrime by the Numbers
In the U.S., the FBI’s Internet Crime Complaint Center reported over $16 billion in losses due to cybercrime in 2024, marking a 33% increase from the prior year.
Small business employees encounter 350% more social engineering attacks than those at larger enterprises.
Nearly half of all cyberattacks now target small businesses, and 60% of those attacked shut down within six months.
Deepfake-enabled executive impersonation (like fake video calls from “CEOs”) drove more than 105,000 attacks in the U.S. in 2024, with financial losses topping $200 million in just the first quarter.
One security expert notes that “1 in 2 small businesses will be hit by a cyberattack,” up from 1 in 5 just a few years ago.
What Does Cyber Insurance Cover?
Cyber liability insurance is designed to protect businesses when their digital defenses fail. Depending on your policy, coverage may include:
Data breach response costs (forensics, legal counsel, notifications, credit monitoring)
Regulatory fines and penalties (where permitted by law)
Business interruption losses caused by system downtime
Ransomware attack payments and negotiation support
Third-party liability claims if your breach impacts clients or vendors
In short, cyber liability insurance helps you recover quickly, cover costs, and protect your reputation when cybercrime strikes.
What Does Cyber Insurance Not Cover?
It’s just as important to know what cyber insurance for small businesses may not cover. Policies typically exclude:
Future profits lost beyond the covered interruption period
Upgrades or improvements to your IT systems post-breach
Fraudulent transfers not specifically included in your policy
Unreported incidents or those caused by intentional employee misconduct
This is where crime insurance often comes in. Crime coverage can bridge gaps by protecting against losses from employee dishonesty, social engineering scams, and fraudulent transfers—exposures that many standard cyber policies may not fully address.
Why Social Engineering Scams Demand Crime Coverage
When an employee clicks on a fraudulent email or follows instructions from a spoofed “CEO,” insurers sometimes classify the event as a voluntary transfer of funds. This scenario isn’t always covered by cyber liability alone.
Adding crime coverage to your protection plan helps safeguard your business against:
Fraudulent funds transfer requests
Vendor and supplier impersonation schemes
Payroll diversion scams
Check forgery and electronic funds theft
Together, cyber liability and crime insurance form a layered defense against the most damaging cyberattacks small businesses face today.
More Questions About Cyber Liability Insurance
Does cyber insurance cover phishing and social engineering scams?
Yes, but coverage depends on your policy. Many cyber liability insurance policies cover costs related to cyber incidents like phishing, but social engineering scams may fall under crime coverage instead. That’s why small businesses often need both insurance products to stay protected.
Does cyber insurance cover general liabilities or property damage?
Not usually. General liabilities like slip-and-fall accidents or property damage to your building are covered by other commercial policies. Cyber liability insurance is focused on digital risks such as stolen personal data, malicious software attacks, or business interruption caused by a cyber event.
What type of personal data breaches does cyber insurance cover?
Cyber insurance can help protect your business when sensitive information is compromised, such as:
Credit card numbers
Social Security numbers
Client identity details
Health or financial records
If a breach exposes this type of data, your policy may cover legal defense, notification costs, and identity theft monitoring services.
Does coverage include protection against malicious software or ransomware?
Yes. Most policies cover malicious software attacks, network security failures, and cyber extortion events. If ransomware locks down your systems or a hacker demands payment, cyber insurance can provide funds for negotiation, restoration, and business interruption costs.
Is cyber insurance only for large corporations in the United States?
Not at all. Small businesses across the United States are some of the most common targets for cybercrime because attackers know they may lack robust security measures. Whether you’re a startup, contractor, or growing tech firm, cyber liability insurance helps level the playing field.
Protecting Your Business in the Age of AI Scams
At Pepper, Johnstone & Company, we understand that small businesses face the same cyber risks as Fortune 500 companies, often without the same resources to respond. As an independent insurance agency, we partner with top-rated carriers to craft customized cyber liability and crime insurance policies that address your real-world exposures.
From phishing and spoofing to AI-generated invoice fraud, our team helps you identify vulnerabilities, secure the right coverage, and build confidence in your ability to withstand today’s most advanced scams.
Don’t Wait Until It’s Too Late: Get an Insurance Quote Today
Social engineering attacks are on the rise, and cybercriminals are getting smarter. The best time to review your coverage is before the next phishing email lands in your inbox.
Contact Pepper, Johnstone & Company today at 866-381-5821 or request a quote online. Let us help protect your small business from the costly risks of cybercrime.
Sources:
- Reuters: “FBI Says Cybercrime Costs Rose to at Least $16 Billion in 2024.”
- StrongDM: “35 Alarming Small Business Cybersecurity Statistics for 2025.”
- Electro IQ: “Small Business Cyber Attack Statistics and Facts (2025).”
- The Wall Street Journal: “AI Drives Rise in CEO Impersonator Scams.”
- Midland Reporter-Telegram: “Small Businesses Are Especially Vulnerable to Cybercrime, Expert Says.”