From the boardrooms of large companies to the back office of mom-and-pop shops, artificial intelligence (AI) is everywhere, offering to make navigating the daily challenges of running a business easier. But what happens when the solution becomes part of a larger problem?
Cyber security incidents are on the rise and increased use of AI is putting companies – large and small – at risk. Mariano Neiman, chief operating officer at Zensurance, believes that even though AI still seems like it might be a far-flung idea for the future of many businesses, the risk is now.
“What we've seen in terms of cyber risk over the last couple of years is an increase in threats to small businesses,” he said. “In the past, hackers, phishers and so on, would target larger enterprises because of the kind of potential payouts that they would receive in those scenarios. What has happened over the last couple of years, especially because of the growth of AI, is that it has become easier and easier to target small business owners.”
Neiman said the use of AI has made it easy to target a large volume of small companies all at once with relatively little effort, leaving smaller organizations battling cyber threats on a regular basis.
“More than anything, [we tell clients] to be aware that cyberattacks are not just something that large enterprises are at risk of. That's generally one of the big hurdles in the small business segment is a little bit of that belief that ‘it's never going to happen to me.’”
In a survey of more than 500 Canadian organizations, conducted by Telus Business in January 2024, 64% of participants said they currently had cyber insurance, and an additional 10% said they were interested in obtaining coverage.
A third of those with existing coverage admitted to filing at least one claim in the past 12 months. Of those making a claim, 71% said their coverage did not meet their expectations.
Neiman said working with clients to make their coverage unique to them helps to encourage conversations about how to stay safe in an increasingly complicated online environment.
According to the Telus survey, only 18% of organizations that submitted claims in the last 12 months believed they were well protected against future incidents, with 26% looking for outside help to be more prepared.
When speaking with clients, brokers can reassure them and help to mitigate risks while making them feel more in control of the situation.
“They are able to engage in this conversation and help discuss the potential threats and preventions. If they haven't selected [cyber coverage], we still talk to them about it so that they are aware of the risks and to see if it makes sense for them to protect themselves, or if they're comfortable going without it, which could be an issue,” Neiman said.
Being that first point of contact and education for potential customers not only reassures them, but helps to convert them and allows them to pick the best policy for their needs, said Neiman.
Telling clients about two simple ways they can mitigate their own risk can help them feel more secure and prevent claims in the future.
Neiman said the two biggest risks, and the biggest potential losses, for clients are the leaking of confidential data and phishing scams.
Phishing is the act of a cyber threat actor pretending to be a legitimate source or potential customer, contacting the small business owner or employee through text or email and gathering some kind of access into the internal systems. Sometimes that’s accomplished by getting users to submit their password or other vital information, or by using malware to infect their system after they’ve clicked a link.
“There's a few other techniques, but that's usually the biggest one and the riskiest one,” said Neiman. “What the risk of phishing is, is that once that bad actor has access to the internal systems, they can do a variety of things that could be harmful to the small business owner.”
Those things include stealing customer or employee data or gaining access to the business’s bank accounts. Another major risk is a ransomware attack.
“That’s taking over the systems from the small business owner, and, for example, changing the passwords, and therefore locking out the small business owner and employees from being able to use their own systems, which means they now can't operate,” Neiman said. “They try to blackmail [businesses] asking for payment to give back access to their systems or databases.”
The second risk common for businesses of all sizes, is the use of AI with confidential company data.
While AI tools may be great for helping with everything from marketing strategies to social media captions, to creating charts and more, the tools aren’t secure or confidential and are prone to reusing information they have been fed as part of their learning tool model.
“AI has created an opening for, unfortunately, using certain types of public AI systems that may not be secure, and if the small business owners are entering confidential data into those systems, the systems may use that data for other purposes,” Neiman said.
Helping potential clients understand the risks to small businesses, even those that may think they’re not a computer-based business or prone to attack, not only drives uptake in cyber policies, but helps customers avoid potentially overwhelming losses.
“We've seen so many instances of restaurants or accountants that are just a small business owner or a couple of employees max, be targeted, and it can be, unfortunately, pretty devastating. Suddenly they're locked out of their systems for weeks and they can't operate, and they have a loss of revenues,” he said. “This can come out of nowhere and maybe they don't know how to negotiate, or they don't have backups.”
Proper coverage not only provides support and helps to mitigate financial losses, but helps companies maintain customer confidence because they have the support to work through a situation if it arises.
Neiman said clients frequently think the added security is costly, but education also includes letting them know cyber insurance can be added to their current policy without seeing much of an increase.
“It's one of those things that may cost a couple hundred dollars a year, max,” he said. “It's a couple of coffees a month, but it brings that peace of mind that if something were to happen the livelihood of the small business owner would be protected.”
