Small and mid-sized businesses are being targeted too.
When we think of cyber crime, we often imagine Hollywood-style hacks or massive corporations making headlines. But today, small and midsize businesses are being hit too. And most of the time, it does not start with anything dramatic. It starts with something ordinary: a fake invoice, a password reset email, a payment request that looks legitimate, or a login page that seems to come from Microsoft 365 or Google. The FBI says Business Email Compromise alone led to more than $2.7 billion in adjusted losses in 2024, and stolen credentials continue to be a major way attackers get into business systems.
Sometimes the threat looks completely normal.
Take a fake invoice, for example. An employee receives an email that appears to come from a vendor, opens it, and clicks the link to review the bill. That link may lead to a login page that looks real, but it is there to capture the employee’s username and password. Once the attacker has that information, they may access the company email account, read conversations quietly, learn who handles payments, and wait for the right moment to send a fraudulent payment request that looks completely normal. In other cases, the invoice is not about stealing a password at all. It is simply a fake bill, sent in the hope that someone in accounting pays it without realizing it is fraudulent.
In 2026, the risk environment is still active.
Between ongoing fraud, ransomware, stolen credentials, and periods of geopolitical tension, businesses cannot afford to assume they are too small to matter. A recent 2026 cybersecurity advisory warned businesses to stay alert for phishing, credential harvesting, website disruptions, and other attempts to gain access through email, remote access tools, and everyday digital systems.
What your IT team should be helping with right now
A good IT team can help reduce exposure by tightening a few basics:
- Train employees to slow down and verify unusual payment requests or login prompts
- Turn on multi-factor authentication for email, remote access, and other critical systems
- Patch internet-facing systems and keep software updated
- Monitor for suspicious login activity and unauthorized access attempts
- Review backups to make sure they are current and usable
- Check firewalls and remote access settings
- Strengthen email protections like DMARC, DKIM, and SPF
- Watch for look-alike domains and phishing attempts
Insurance is not the first step, but it is an important one.
Cyber liability coverage is not a replacement for strong passwords, employee training, or a solid IT partner. It is there because even careful businesses can still get caught in a bad situation. Depending on the policy, cyber coverage may help with expenses tied to breach response, legal support, data recovery, business interruption, and other related costs. CISA also continues to stress the importance of backups, updates, remote-access protection, and stronger forms of multi-factor authentication where possible.
The point is not to panic. The point is to be prepared.
At BTP Insurance Services, we believe protection should match the way modern businesses actually operate. Today’s business risks do not only come from vehicles, property, or day-to-day operations. They can also come through email, logins, payment systems, software, and digital records.
