Fight Back Against Cyber Crime

Overview

Small businesses face a disproportionate risk from fraud and cybercrime because they often have fewer controls and limited IT resources. Beyond the immediate financial loss, fraud can disrupt operations, damage reputations, and create regulatory or tax complications.

Practical prevention combines basic operational controls, employee training, and appropriate insurance to transfer residual risk. This article outlines practical steps and the role of crime and cyber insurance for small businesses.

Key takeaways

  • Implement basic controls: separate accounts, strong passwords, and offsite backups.
  • Train staff regularly and screen employees who handle cash or sensitive data.
  • Consider insurance options that cover employee dishonesty, forgery, theft, and cyber incidents.

How it works

Fraud and cybercrime typically exploit weak controls: shared accounts, single-person handling of funds, or insecure computers used for financial transactions. Attackers use tactics like phishing, social engineering, malware, and insider theft.

Prevention reduces the attack surface, while insurance helps recover financial losses that controls cannot prevent. Policies vary, so it’s important to match coverage to your operations and exposures.

What it may cover (and what it may not)

Crime and commercial crime policies commonly cover employee theft, forgery, and certain types of theft of money and securities. For coverage examples and product details, review available policy options such as Fidelity (Crime).

Some insurers offer bundled products or specialized endorsements for businesses with hospitality operations; for those exposures see Hotel/Motel Crime Insurance.

Standalone crime options from certain carriers can address broader theft risks and employee dishonesty; one such example is Crime MountainGuard. Note that standard property or general liability policies typically do not cover employee theft, cyber extortion, or losses caused by social engineering without specific endorsements.

Common mistakes to avoid

Relying on a single person to handle all cash or financial transactions increases risk; use dual controls and independent reconciliations instead.

Using a general-purpose computer for online banking and financial tasks exposes accounts to malware and credential theft; dedicate a computer for financial transactions and keep its software updated.

Failing to use strong, unique passwords and rotate them, or to train staff on phishing recognition, leaves systems vulnerable; make training and password hygiene routine parts of operations.

Questions to ask an agent

What specific types of employee dishonesty and theft are covered, and are there sublimits for certain loss types?

Does the policy include social engineering, funds transfer fraud, or cyber extortion, and what are the exclusions and waiting periods?

Are there recommended risk-control steps or minimum security requirements to qualify for coverage, and how do they affect premiums and claims?

Next steps

Start with an internal review: separate personal and business accounts, assign unique passwords, require regular reconciliations, and establish offsite backups. Implement basic IT protections such as a firewall, updated anti-malware software, and a dedicated computer for financial transactions.

Screen employees who handle cash or sensitive data and schedule regular security training. After controls are in place, compare insurance options to cover any remaining financial exposure. Your agent can help match policy features to your needs; if you want to discuss coverage options, talk to an agent.

Frequently Asked Questions

What basic controls should every small business implement to reduce fraud risk?

Use separate business bank accounts, require dual approval for large transactions, maintain offsite backups, and use strong, unique passwords changed regularly.

Will my general liability policy cover employee theft?

Generally no; employee theft is usually excluded from general liability and requires a fidelity or crime policy to provide coverage.

Can cyber insurance help recover losses from phishing or fund-transfer scams?

Some cyber policies include coverage for funds transfer fraud and social engineering losses, but coverage and limits vary, so confirm specifics with your insurer.

How often should staff receive security training?

Regular training is best: at hiring and at least annually, with updates after new threats or incidents to keep awareness current.
