Cybercrime Worries for Small & Midsize Businesses in 2022

October 18, 2022

cybercrime against small & midsize businessCyber Security has been an issue since the dawn of the internet. Over the years, we have written about the nature of cyber crime, provided prevention tips, and described how insurance can mitigate risks in our blog.

But cybercrime has evolved. The fast moving nature of cyber risks begs the question, what should business owners be aware of now, in 2022?

In this 4 part series we’ll update you on the threat, prevention, response to attack, and the insurance solutions to the risk small and midsize businesses face online.

Cyber Risks for SMBs in 2022

Let’s start with the types of crime most prevalent in today’s cyber landscape. We thought a good place to start would be the actual claims activity of one of our major cyber insurance carriers, Coalition, Inc. We checked out their 2022 Cyber Claims Report. It’s based on their claims experience with the over 160,000 businesses they protect.

What stood out for us is that the report shows an increase in attacks targeting small-and midsize businesses. As you can imagine, these are the ones with fewer resources to respond. And the ones typical to our Utica area economy.

The average cost of a claim for small business owners was $139,000! According to the report, cyber incidents have the power to put very small organizations out of business.

And nonprofit policyholders saw a 57% increase in claims frequency. That is also a big concern for us here at Scalzo, Zogby & Wittig, Inc. because of our large book of nonprofit clients who do such valuable work here in the Mohawk Valley.

Phishing the Most Effective Attack

Phishing accounted for 57.9% of reported claims in 2022. That’s a 32% increase from the year before.

Phishing is a scam that lures you into giving up your username, password, or other sensitive information by pretending to be someone else. That email or phone call could be from a phony bank, credit card, or other company you do business with.

The key for small businesses is to understand that employees are the easiest entry to your data for cyber criminals. This is especially true of your remote employees. In our next post, we’ll suggest ways to help your employees recognize a phishing attempt and how to avoid falling prey to it.

Other Cyber Risks Typical in 2022

We went to the Forbes Advisor to find out more about cyber security threats in 2022. It’s top four were ransomware, misconfigurations and unpatched systems, credential stuffing, and social engineering (phishing).


Ransomware is a demand for money to gain access to your data. It’s the final step of a cyberattack after your network has been breached.

Misconfiguration and Unpatched Systems

When security settings are not defined and implemented or when default values are maintained, security misconfigurations arise. This means the configuration settings don’t comply with industry security standards, making them an easy target.

Credential Stuffing

Attackers obtain your login info and use it to try to get into your other services. This works for the criminals if you use the same usernames and passwords across multiple services. The attackers then use sophisticated bots to attack the other services using the same credentials.

Social Engineering

This is the term used for the breach of a person, not a system. The most common attack, then, is a phishing attack on an individual. And employees often don’t know they’ve been attacked. See our brief description of phishing above.

These are just a few of the ways your business is vulnerable to a cyber attack. But they are some of the most prevalent in 2022, so you should be aware of them.

In our next post, we’ll discuss prevention along with tips and recommended changes in behavior and education that will help you fight cyber attacks.

Until next time,

Your SZW Team

SZW Insurance is your Utica area Trusted Choice™ independent insurance agent. Call us for a quote on insurance for your home, car, business, or life at 315.792.0000. Or request a quote here.