Overview
Small businesses face a disproportionate risk from theft, employee dishonesty, phishing and other forms of fraud. Losses can come from both physical theft and digital attacks that target banking credentials, vendor payments or customer data.
Protective steps combine good internal controls, basic cybersecurity hygiene and the right insurance coverages designed for financial loss. For practical prevention tips and policy guidance, see Crime Prevention Strategies for Businesses.
Key takeaways
- Preventive controls (separation of duties, background checks, secure passwords) reduce exposure to internal and external fraud.
- Technology defenses (firewalls, anti-malware, dedicated transaction computers) stop many common attacks but must be paired with staff training.
- Insurance products exist to cover many kinds of financial loss, but coverages and exclusions vary—review policy terms carefully.
How it works
Fraud against businesses typically follows a pattern: a weakness is identified, an opportunity is exploited, and funds or property are removed before the loss is detected. Common vectors include compromised email, forged checks, unauthorized vendor changes and employee theft.
Controls that interrupt that pattern include timely reconciliation of accounts, multi-factor authentication for online banking, dual-approval payment workflows and routine audits. Combining controls with offsite backups and malware protection reduces both the chance of loss and recovery time after an incident.
What it may cover (and what it may not)
Commercial crime or fidelity policies can cover employee dishonesty, forgery, funds transfer fraud, and theft of money or securities. Separate cyber liability or social engineering endorsements may address losses caused by phishing or business email compromise.
Typical exclusions include intentional acts by owners, losses caused by undocumented internal policy violations, and some types of reputational or consequential losses. Always confirm specific covered perils, limits, deductibles and any required security controls with your insurer.
Common mistakes to avoid
- Mixing personal and business accounts, which increases exposure and complicates fraud detection.
- Using weak or reused passwords and not enforcing regular password updates or multi-factor authentication.
- Relying on a single person to handle cash, bank transfers or reconciliation tasks without independent review.
- Skipping employee screening for staff who handle money or sensitive data, and failing to train employees on phishing and social engineering.
Questions to ask an agent
- What types of crime and cyber incidents does this policy cover, and are there separate limits for employee dishonesty versus social engineering?
- Are there required security controls or notices I must maintain to keep coverage in force, and how do claims get handled if multiple perils are involved?
Next steps
Start by strengthening basic controls: separate accounts, require dual approvals for payments, enforce strong passwords and schedule regular staff training sessions. Consider offsite backups and a dedicated computer for financial transactions to limit exposure.
Review available policy options and compare coverages and exclusions carefully—for a closer look at insurance solutions, see Protect Your Business from Financial Devastation with Commercial Crime Coverage Insurance.
If you want to review options with professional help, talk to an agent who can match coverage to your business size and risk profile.
Frequently Asked Questions
What immediate steps should I take if I discover fraud?
Secure systems and bank access, document the incident, notify your bank and insurer, and preserve evidence for investigators.
Will crime insurance cover losses from phishing scams?
Some policies include social engineering or funds transfer fraud coverage, but terms and limits vary—check your policy details.
How often should employees receive fraud-prevention training?
Provide training at hiring and refresh it at least annually, with targeted updates when new threats or systems are introduced.
Can background checks prevent employee theft?
Background checks reduce risk but do not eliminate it; combine screening with controls like separation of duties and regular audits.