One more reason things cost more today: cybercrime.

A survey by the Identity Theft Resource Center, a San Diego-based education and victim resource nonprofit, found that 38% of small businesses hit by a cyberscam or breach in the previous 12 months passed those losses to customers by raising prices.

Another key finding: Cybercrime against small businesses is increasingly fueled by artificial intelligence.

“The era of predictable, human-scale threats has been superseded by a new reality of automated, intelligent and massively scalable attacks powered by AI,” said the report, which discusses trends in threats, prevention and attacks. It also gives detailed recommendations about network and application security, data protection and employee and contractor practices. (The survey reached out to more than 650 companies across more than 12 industries in August.)

Eva Velasquez, the CEO of the Identity Theft Resource Center, said the results offer a stark reminder that hackers aren’t picky. They will grab data and money from anyone, including large and small businesses, and individuals.

“When we think about risk, it really is all businesses,” Velasquez said. From mom and pops to large companies, “They’re all attractive to hackers.” Small businesses sometimes don’t pay enough attention to cybersecurity “because they think they’re not vulnerable. They think, ‘Well, why would anybody target me?’”

Not only are they being targeted, but they are being successfully breached, some multiple times a year. Two or three breaches in a 12-month period was the most common pattern. Another 34% had one breach and almost 12% had four or more.

One encouraging shift: The percentage of companies with one or two breaches increased from 2024, while the percentage of companies with more than two breaches dropped. Perhaps companies are improving their cybersecurity protocols after a first or second breach.

The report, however, said companies being hit only once says something about cyber attackers’ methods.

“Threat actors appear to be focusing on opportunistic, high-volume strikes. This alters the risk calculus for (small businesses), shifting the primary challenge from defending against a determined, persistent adversary to repelling a continuous barrage of single-shot attacks from a multitude of sources.”

The nonprofit helps individuals for free, and business in some cases get charged fees used to fund its free services. The nonprofit faced a significant drop in federal government grants last year, but remains financially robust thanks to private donors and unclaimed awards from class action settlements, Velasquez said.

“Our services remain available at the same level they were prior to changes in the federal grant processes/availability,” Velasquez said.

AI attacks have skyrocketed

Four out of five small businesses reported they were victims of a security or data breach in the past 12 months — a statistic unchanged from a year before.

But the nature of these attacks has changed, with AI taking center stage.

In past surveys of small businesses that suffered cyber and data breaches, incidents were caused by insecure cloud environments, ransomware, hackers, malicious employees or contractors, lapses by remote workers, software flaws and attacks on third-party vendors, the report said.

AI was not even named as a cause, as recently as 2024.

But in 2025, 41% of small business victims said AI was the root cause of a recent attack.

Generative AI can craft “highly personalized social engineering attacks that mimic the tone and context of legitimate internal communications,” the report says.

Hackers now are launching large-scale, automated attacks that cover a lot more ground, Velasquez said.

In cybercrime, AI is the great equalizer. Sophisticated scams can be carried out by less knowledgeable wrongdoers who use generative AI.

“These tools are effectively democratizing advanced attack capabilities that were once the domain of highly skilled actors,” the report said.

The cause for data and cyber breaches that saw the biggest percent drop in 2025, compared to 2024, was remote work — which makes sense, as workers have returned to offices. Every other cause of attacks has also dipped, perhaps as scammers and data thieves turned to AI.

While AI was added to the list and some causes became less prevalent, no cause disappeared.

Paying the price

When small businesses suffer a breach or fraud, the financial hit can include lost revenue, legal costs, fines and penalties, insurance, marketing and security overhauls.

Adding up these expenses, the survey found that 37% of companies lost more than $500,000 last year, per incident. A quarter lost up to $250,000 and another quarter lost between $250,000 and $500,000.

To recoup costs, companies used cash reserves, turned to investors for funds, cut jobs, or tapped credit and cyber insurance. They also adopted a new tactic: 38% raised prices.

“This represents a significant, inflationary macroeconomic ripple effect stemming directly from the worsening cyberthreat landscape for small businesses,” the report said.

One reason for this change may be that other sources of funding were harder to come by. A smaller percentage got money from investors to respond to cyber and data breach incidents in 2025 than 2024. Also, fewer companies turned to cyber insurance, with almost a quarter of companies saying they had “difficulty obtaining or renewing cyber insurance” after a breach. “This suggests that as the frequency and cost of claims have risen, insurers have responded by adjusting underwriting standards.”

Compared to 2024, fewer companies cut jobs as a way to offset losses due to cybercrime: 18%, down from 27%.

Relying less on insurance and investors, and opting to cut fewer jobs as a result of cyber breaches, may have each or all contributed to the raising of prices.

Preventing losses

Which sensitive data did crooks slink away with?

Employee data was most commonly accessed in breaches, with customer data and company IP both ranking close behind.

To fight back, some companies have robust tools in place, but the survey also found a disturbing trend. “The implementation of critical security measures, such as multi-factor authentication, has declined,” it said. One reason, the report posited: company leaders are overwhelmed and “neglecting the very basics that provide an effective defense.”

Velasquez and her nonprofit urge companies to keep studying known and evolving threats and to keep adapting their cybersecurity practices.

“The single most critical access control for any (small business) to implement is MFA,” the report said. MFA stands for multi-factor authentication — a system of safety checks where a request to access secure information has to be vetted through multiple, independent channels. MFA makes it “significantly harder for attackers to use stolen passwords.”

Examples of these are free authenticator apps (like Google Authenticator), SMS codes that get sent to a user’s phone when they try to log in using a password, and physical hardware tokens.

The report cited an “alarming decline in MFA adoption for internal systems,” from around 33% in 2024 to around 27% in 2025. This “represents a critical, high-priority vulnerability that SBs must address immediately.”

‘A societal shift’

“Really good companies with robust cybersecurity can have a breach,” Velasquez said. “It’s not an automatic indicator of negligence.”

But companies with less robust cybersecurity are far more at risk.

The report has six pages of tips for preventing cyber and data breaches and countering AI-powered attacks. These range from what kind of training companies should offer to how firewalls should be set up, to data encryption best practices and more.

Small businesses need to strengthen their prevention, but Velasquez also made this pitch to consumers: don’t turn away from companies that are taking steps to protect your data, even if it’s annoying.

That crushingly long four-second delay until a verification text message arrives, the extra screen taps involved in using an authenticator app — those are a sign a company is doing things right.

“One of the conflicts that we have is convenience versus security. And businesses are fighting this tension between, ‘I have to be secure and I have to make people jump through hoops to prove that they are who they say they are, so that I can protect their data, their account, their information.’ And individuals going, ‘I want convenience.’”

“If we have a societal shift where we understand that some friction, a little bit of inconvenience, is actually good for us,” she said.

A company that asks you to do those things is one you should do business with, Velasquez added, “because you know that they have put measures in place to protect you and your data.”

By HALLIE GOLDEN

A 5-year-old boy arriving home from preschool in Minnesota was taken by federal agents along with his father to a detention facility in Texas, school officials and the family’s lawyer said, making him the latest child caught up in the immigration enforcement surge that has riled the Twin Cities in recent weeks.

Federal agents took Liam Conejo Ramos from a running car while it was in the family’s driveway on Tuesday afternoon, Columbia Heights Public Schools Superintendent Zena Stenvik said during a news conference Wednesday. The officers then told him to knock on the door to his suburban Minneapolis home to see if other people were inside, “essentially using a 5-year-old as bait,” she said.

Stenvik said the family has an active asylum case and has not been ordered to leave the country.

“Why detain a 5-year-old?” she asked. “You cannot tell me that this child is going to be classified as a violent criminal.”

Department of Homeland Security spokesperson Tricia McLaughlin said in a statement that “ICE did NOT target a child.”

She said Immigration and Customs Enforcement was conducting an operation to arrest the child’s father, Adrian Alexander Conejo Arias, who McLaughlin said is from Ecuador and in the U.S. illegally. He fled on foot without the boy, she said.

“For the child’s safety, one of our ICE officers remained with the child while the other officers apprehended Conejo Arias,” McLaughlin said, adding that parents are given the choice to be removed with their children or have them placed with a person of their choosing.

Stenvik said another adult who lives at the home was outside when the father and son were taken, but agents wouldn’t leave Liam with that person. DHS didn’t immediately to respond an email Thursday asking if Conejo Arias had asked to keep his son with him.

Liam and his father were being held in a family holding cell in Texas, Marc Prokosch, the family’s lawyer, said during the news conference.

“Every step of their immigration process has been doing what they’ve been asked to do,” Prokosch said of the family’s asylum claim. “So this is just cruelty.”

Minnesota has become a major focus of immigration sweeps by DHS-led agencies. Greg Bovino, a U.S. Customs and Border Patrol official who has been the face of the crackdowns in Minneapolis and other cities, said 3,000 “of some of the most dangerous offenders” have been arrested in Minnesota in the last six weeks.

Julia Decker, policy director at the Immigrant Law Center of Minnesota, said advocates have no way of knowing whether the government’s arrest numbers and descriptions of the people in custody are accurate.

Liam is the fourth student from Columbia Heights Public Schools who has been detained by ICE in recent weeks, said Stenvik. A 17-year-old student was taken Tuesday while heading to school, and a 10-year-old and a 17-year-old have also been taken, she said.

The district is made up of five schools and about 3,400 students from pre-K to 12th grade, according to its website. The majority of the students come from immigrant families, according to Stenvik.

She said they’ve noticed their attendance drop over the past two weeks, including one day where they had about one-third of their students out from school.

Ella Sullivan, Liam’s teacher, described him as “kind and loving.”

“His classmates miss him,” she said. “And all I want is for him to be safe and back here.”

___

Associated Press reporter Kathy McCormack contributed to this story.

Related Articles

Army orders military police to get ready for a possible Minneapolis deployment, AP source says

Autopsy finds Cuban immigrant in ICE custody died of homicide due to asphyxia

Minnesota corrections officials again dispute ICE numbers on criminals

DFL state lawmakers decry ICE tactics toward U.S. citizens

Immigration officers assert sweeping power to enter homes without a judge’s warrant, memo says

A woman who led an anti-immigration enforcement protest that disrupted a service at a Minnesota church has been arrested, Attorney General Pam Bondi said Thursday.

Bondi announced the arrest of Nekima Levy Armstrong in a post on X days after protesters during Sunday service entered the Cities Church in St. Paul, where a local official with U.S. Immigration and Customs Enforcement serves as a pastor.

The Justice Department quickly opened a civil rights investigation after the group interrupted services by chanting “ICE out” and “Justice for Renee Good,” referring to the 37-year-old mother of three who was fatally shot by an ICE officer in Minneapolis earlier this month.

“Listen loud and clear: WE DO NOT TOLERATE ATTACKS ON PLACES OF WORSHIP,” the attorney general wrote on X.

Levy Armstrong, a civil rights attorney and prominent local activist, had called for the pastor affiliated with ICE to resign, saying his dual role poses a “fundamental moral conflict.”

“You cannot lead a congregation while directing an agency whose actions have cost lives and inflicted fear in our communities,” she said Tuesday. “When officials protect armed agents, repeatedly refuse meaningful investigation into killings like Renée Good’s, and signal they may pursue peaceful protesters and journalists, that is not justice — it is intimidation.”

Prominent leaders of the Southern Baptist Convention have come to the church’s defense, arguing that compassion for migrant families affected by the crackdown cannot justify violating a sacred space during worship.

This is a breaking news story. Check back for updates.

Related Articles

Army orders military police to get ready for a possible Minneapolis deployment, AP source says

Autopsy finds Cuban immigrant in ICE custody died of homicide due to asphyxia

Minnesota corrections officials again dispute ICE numbers on criminals

DFL state lawmakers decry ICE tactics toward U.S. citizens

Immigration officers assert sweeping power to enter homes without a judge’s warrant, memo says

By CLAUDIA LAUER, Associated Press

Data collected from 35 American cities showed a 21% decrease in the homicide rate from 2024 to 2025, translating to about 922 fewer homicides last year, according to a new report from the independent Council on Criminal Justice.

Related Articles

Wall Street claws for more gains in wake of Greenland de-escalation

Millions of Americans prepare for potentially catastrophic ice storm. Here’s what the numbers show

Watch: Oscar nominations are getting underway. ‘Sinners’ could make history

Auction marking the United States’ 250th birthday features some of its most iconic documents

Today in History: January 22, ‘Unabomber’ Ted Kaczynski pleads guilty

The report, released on Thursday, tracked 13 crimes and recorded drops last year in 11 of those categories including carjackings, shoplifting, aggravated assaults and others. Drug crimes saw a small increase over last year and sexual assaults stayed even between 2024 and 2025, the study found.

Experts said cities and states beyond those surveyed showed similar declines in homicides and other crimes. But they said it’s too early to tell what is prompting the change even as elected officials at all levels — both Democrats and Republicans — have been claiming credit.

Adam Gelb, president and CEO of the council — a nonpartisan think tank for criminal justice policy and research — said that after historic increases in violence during the COVID-19 pandemic, this year brought historic decreases. The study found some cities recorded decades-low numbers, with the overall homicide rate dropping to its lowest in decades.

“It’s a dramatic drop to an absolutely astonishing level. As we celebrate it we also need to unpack and try to understand it,” Gelb said. “There’s never one reason crime goes up or down.”

The council collects data from police departments and other law enforcement sources. Some of the report categories included data from as many as 35 cities, while others because of differences in definitions for specific crimes or tracking gaps, include fewer cities in their totals. Many of the property crimes in the report also declined, including a 27% drop in vehicle thefts and 10% drop in shoplifting among the reporting cities.

The council’s report showed a decrease in the homicide rate in 31 of 35 cities including a 40% decrease or more in Denver, Omaha, Nebraska, and Washington. The only city included that reported a double-digit increase was Little Rock, Arkansas, where the rate increased by 16% from 2024.

Gelb said the broad crime rate decreases have made some criminologists question historic understandings of what drives trends in violent crime and how to battle it.

“We want to believe that local factors really matter for crime numbers, that it is fundamentally a neighborhood problem with neighborhood level solutions,” he said. “We’re now seeing that broad, very broad social, cultural and economic forces at the national level can assert huge influence on what happens at the local level.”

Republicans, many of whom called the decrease in violent crime in many cities in 2024 unreliable, have rushed to say that tough-on-crime stances like deploying the National Guard to cities like New Orleans and the nation’s capital, coupled with immigration operation surges, have all played a role in this year’s drops.

However, cities that saw no surges of either troops or federal agents saw similar historic drops in violent and other crimes, according to the Council’s annual report.

Democratic mayors are also touting their policies as playing roles in the 2025 decreases.

Jens Ludwig, a public policy professor and the Director of the University of Chicago Crime Lab, stressed that many factors can contribute to a reduction in crime, whether that’s increased spending on law enforcement or increased spending on education to improve graduation rates.

“The fact that in any individual city, we are seeing crime drop across so many neighborhoods and in so many categories, means it can’t be any particular pet project in a neighborhood enacted by a mayor,” Ludwig said. And because the decrease is happening in multiple cities, “it’s not like any individual mayor is a genius in figuring this out.”

He said while often nobody knows what drives big swings in crime numbers, the decrease could be in part due to the continued normalization after big spikes in crime for several years during the pandemic. A hypothesis that stresses the declines might not last.

“If you look at violent crime rates in the U.S., it is much more volatile year to year than the poverty rate, or the unemployment rate; It is one of those big social indicators that just swings around a lot year to year,” Ludwig said. “Regardless of credit for these declines, I think it’s too soon for anybody on either side of this to declare mission accomplished.”