Small Business & Fraud
Fraud, Scams, and Ransomware: Small Businesses React
New National Survey of Small Businesses Shows Fraud, Scams and Ransomware Impose a $131 Billion “Hidden Tax” on Main Street
PPSI’s national survey of more than 500 small business owners quantifies for the first time the real financial losses due to fraud, scams, and ransomware accrued each year by America’s small business community. It reveals that America’s small businesses are paying a staggering $131 billion annual “hidden tax” due to these threats.
At this scale, fraud is not just a small business problem. Combatting it requires coordinated action across the public and private sectors.
Key Findings
1
A Big and Growing Problem
Nearly three in four (72%) of small businesses were hit by fraud, scams, or ransomware last year.
2
Awareness Outpaces Preparedness
While 63% of small businesses say cyber threats are a serious problem, far fewer feel prepared for the most frequent attacks.
3
Fraud Defense Is a Shared Responsibility
The scale of the fraud threat means that small businesses cannot shoulder this burden alone.
A Big and Growing Problem
The survey reveals that 72% of small businesses experienced some form of fraud, scams, or ransomware last year. Among these attacks, payment fraud and email phishing are the most frequently reported. For businesses hit, losses average ~$60,000 for payment fraud and >$90,000 for email compromise.
Fraud doesn’t just drain revenue; it slows growth. Small businesses say these threats make it harder to accept payments (43%), attract and retain customers (40%), and innovate or develop new products (39%).
Additionally, it appears that the threat is accelerating: Seven in ten (71%) small business owners say AI will make attacks more frequent.
“When nearly three in four small businesses experience fraud or ransomware in a single year, this is no longer an isolated risk. It has become a routine cost of doing business. At that scale, fraud functions like a hidden tax on entrepreneurship. That’s money that should be going toward hiring, innovation, and growth, not to criminals.”
— Tammy Halevy, Executive Director, Reimagine Main Street, a project of the Public Private Strategies Institute
63% of small businesses see cyber threats as serious — but only 40% feel prepared for payment fraud, and 41% feel prepared for business email compromise.
Awareness Outpaces Preparedness
While 63% of small businesses say cyber threats are a serious problem, far fewer feel prepared for the most frequent attacks. Just 31% feel prepared for social engineering scams. And while ransomware is less common, fewer than one in three businesses (30%) say they are ready to respond to an attack.
This awareness gap compounds when the utility of tools against fraud is considered. The most effective tools are also not the most widely used. Fewer than half of small businesses (48%) use multi-factor authentication, yet among those that do, 70% say it is very effective. Similarly, only 24% carry cyber insurance, even though 61% of policyholders say it is very effective. And while just 31% conduct regular security audits, 58% of those who do say they are very effective.
Findings show that the most effective tools are not the most widely used by business owners. Across the entire sample, larger small businesses feel more prepared and have the tools to defend against fraud better than their smaller peers.
Fraud Defense Is a Shared Responsibility
Most businesses take action when incidents occur — and reporting often leads to meaningful resolution. Among businesses that experienced fraud, 77% say they reported it. Of those who reported, 54% say the matter was fully resolved and another 33% say it was partially resolved.
However, business owners see fraud prevention as a shared responsibility. A majority say business owners themselves (51%), payment platforms (51%), and financial institutions (50%) are “very responsible” for preventing and protecting against fraud.
When asked what shapes their view of responsibility, three factors stand out in nearly equal measure: who has the best visibility into threats (39%), who has control over business operations (37%), and who has the legal authority to prevent attacks or punish bad actors (37%).
For guidance on prevention, small businesses most often turn to online resources (46%), financial institutions (42%), and cybersecurity companies (39%) — underscoring the need for clear, accessible support from trusted partners.
“This survey makes one thing clear: small businesses are doing their part, but as AI and other disruptive technologies emerge they cannot fight this battle alone. Reducing this hidden tax on entrepreneurship will require stronger coordination between the private sector and policymakers. When small businesses are protected, they can focus on what they do best — creating jobs, serving customers, and driving growth.”
— Rhett Buttle, President, Public Private Strategies Institute
Frauds, Scams, and Ransomware: A Hidden Tax on Small Businesses Briefing
Following the survey release, Public Private Strategies Institute held a briefing on the findings with experts in finance and technology.
The briefing featured small business owner Walt Rowen, CEO of Susquehanna Glass Company, a family business founded by his grandfather in 1910. Walt shared details of a ransomware attack that temporarily shut down this 100+ year old small manufacturer during its busiest period.
Access The Survey Assets Below
Methodology:
This national survey was fielded by Morning Consult on behalf of Public Private Strategies Institute between December 19 - 29, 2025 among a sample of 506 small business owners in the United States (0 to 500 employees) with data weighted to approximate a target sample of small businesses based on enterprise size, NAICS industry grouping, and region.
