Article img

Beazley Breach Insight: Middle-market cyber attacks rise during the pandemic

  • Published by:

  • Topics:
    • Cyber
    • Emerging Risks
    • Risk Management
    • Topical Trends

Global breach data shows rise in social engineering scams...

Beazley has reported that middle market organisations have been especially hard hit by online social engineering attacks during the pandemic. In the second quarter (Q2) of 2020, cybercriminals targeted businesses that remained open during lockdown where many employees were working remotely, making them more susceptible to cyber attacks.

Of all the social engineering attacks reported to Beazley Breach Response (BBR) Services globally in Q2, 60% of organisations targeted were in the middle market (defined as over $35 million in annual revenue), up from 46% in Q1.

Social engineering involving a system infiltration remained at a steady rate in the first half of the year. Fortunately, in more than 80% of reported incidents, the attack is stopped before a direct financial loss occurs.

Kimberly Horn, Beazley’s global claims team lead for cyber & tech, said: “Middle market organisations have been resilient in maintaining their day-to-day operations during the pandemic and, in turn, their employees are more available to be targeted. Additionally, cybercriminals are executing more sophisticated attacks and middle market organizations provide richer targets.

“As our global breach data has demonstrated, if an incident is responded to early enough, an organization can often avoid a direct financial loss such as stolen funds. Modest investments in training and process changes could reduce the likelihood of falling victim.”

Fraudulent instruction attacks also primarily hit middle market organisations, which were the target in 55% of incidents, compared to 24% in Q1. In looking at individual sectors, healthcare, financial institutions, manufacturing, real estate, and education were the most targeted industries in Q2. The full Beazley Breach Insight report including tips on preventing social engineering and business email compromise is attached.