The FBI’s 2024 Internet Crime Report is out and and small businesses are squarely in the crosshairs. Cybercrime is bigger, faster, and more expensive than ever.  For the full report, Read it Here. 

Here’s what you need to know:

Cybercrime Is Breaking Records

• $16.6 billion in reported losses in 2024 — a 33% jump from 2023​.
• The FBI’s Internet Crime Complaint Center (IC3) received over 859,000 complaints—an average of more than 2,300 complaints every single day​.
• Small businesses, contractors, and local organizations made up a significant percentage of victims, especially through scams targeting operational payments and data.

Translation? If you think you’re too small to be a target, you’re exactly the kind of target cybercriminals are hoping for.

Top Cyber Threats Facing Small Businesses

According to the 2024 report, here’s what’s hitting businesses hardest:

1. Business Email Compromise (BEC)

• $2.7 billion in reported losses​.
• BEC attacks trick businesses into wiring money to fraudsters, often by impersonating executives, suppliers, or real estate agents.

2. Phishing and Spoofing

• Nearly 200,000 complaints in 2024​.
• These low-effort, high-success scams are often the gateway to bigger attacks like ransomware.

3. Tech Support Scams

• $1.46 billion lost​.
• Criminals pose as IT support to convince businesses to grant remote access or wire payments.

4. Ransomware

• Over 3,100 ransomware complaints filed​.
• The real cost? The FBI notes these figures only represent reported direct losses—not downtime, legal fees, or reputation damage.

How the Money Moves: Top Fraud Tactics

When it comes to how victims are losing money:

• Cryptocurrency scams lead the way, with $9.3 billion in related losses​.
• Wire transfers, credit/debit cards, and peer-to-peer payments (like Venmo, Zelle) were other top loss methods​.

For small businesses, this means securing payment workflows—especially involving invoices, transfers, and vendor communications—must be a top priority.

Critical Sectors Are Under Attack

Organizations tied to critical infrastructure, including manufacturing, energy, water, healthcare, reported more cyber threats than ever before:

• 4,878 cyber-related complaints from critical infrastructure sectors​.
• Ransomware and data breaches were the most common incidents​.

Small businesses operating in these sectors (even as contractors or vendors) are at heightened risk.

FBI Warnings: Cybercrime Is Getting More Sophisticated

The FBI’s 2024 report and the latest press release both stress this:  Cybercriminals are no longer just kids in basements.
They’re professional syndicates using automation, AI, and global networks to scale attacks faster than most small businesses can react.

Efforts like Operation Level Up helped freeze millions of dollars and disrupted major fraud rings, but prevention remains the best defense​.

What Small Businesses Should Do Now

• Train your employees to spot phishing and scams—awareness is still the first line of defense.
• Have an Incident Response Plan in place, even if you’re small. 
• Review and update cybersecurity policies at least annually.
• Implement Multi-Factor Authentication (MFA) — especially for email, finance, and admin accounts.
• Regularly back up critical data and store copies offline.
• For more, check out Spring Cleaning Checklist to get started.
• If you don’t know where to start, OrbitalFire Can Help.

Final Thought: Small Doesn’t Mean Safe

The 2024 FBI report reinforces that size doesn’t protect you—it exposes you. Small businesses need big strategies when it comes to cybersecurity.

The good news? Small businesses are less complicated, so creating a cybersecurity strategy that fits your business mission doesn’t have to be overwhelming. A few smart moves today can save you millions tomorrow.

Ready to leave “low-hanging fruit” status behind? Start with a Cybersecurity Assessment