According to Javelin's "2011 Small Business Owners Identity Fraud Report," fraud targeted at SMBs and their owners totaled more than $8 billion in 2010. Banks, merchants, and other providers absorbed at least $5.43 billion of that loss, while the cost to victims was $2.61 billion.
"In looking at this whole issue more closely, we found that there is a lot more loss involved here than was initially calculated because there is a lot of cost absorbed by financial institutions and merchants that wasn't previously included," says Phillip Blank, research analyst for risk and fraud security at Javelin.
The $5.43 billion includes not only the financial losses themselves, but also costs associated with data theft, such as attorney fees, time to repair the damages, and the cost of opening new accounts, Blank says.
Javelin also found that SMB owners sustain greater losses through fraud than their online consumer counterparts. The average victim cost of fraud for an SMB owner is more than double the consumer victim cost of $631, according to the report.
"For SMBs, there's no 'zero liability' agreement with creditors as there is for most consumers," Blank observes. "SMBs may be held liable for fraud losses, at a huge cost to their businesses."
SMBs have become an attractive target for cybercriminals because they tend to have more money than individuals, yet they seldom have the time, skills, or finances to build defenses that are as effective as those of larger businesses, Javelin states.
"We advise SMB owners to take advantage of technology and services, like real-time fraud alerts and full identity fraud protection services," Blank says. "But there is only so much that software or services can do. Small businesses need better education and awareness as well."
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.