Beazley Breach Insight: Middle-market cyber attacks rise during the pandemic

Global breach data shows rise in social engineering scams

Specialist insurer Beazley has reported that middle market organizations have been especially hard hit by online social engineering attacks during the pandemic. In the second quarter (Q2) of 2020, cybercriminals targeted businesses that remained open during lockdown where many employees were working remotely, making them more susceptible to cyber attacks.

Of all the social engineering attacks reported to Beazley Breach Response (BBR) Services globally in Q2, 60% of organizations targeted were in the middle market (defined as over $35 million in annual revenue), up from 46% in Q1.

Social engineering involving a system infiltration remained at a steady rate in the first half of the year. Fortunately, in more than 80% of reported incidents, the attack is stopped before a direct financial loss occurs.

Kimberly Horn, Beazley’s global claims team lead for cyber & tech, said: “Middle market organizations have been resilient in maintaining their day-to-day operations during the pandemic and, in turn, their employees are more available to be targeted. Additionally, cybercriminals are executing more sophisticated attacks and middle market organizations provide richer targets.

As our global breach data has demonstrated, if an incident is responded to early enough, an organization can often avoid a direct financial loss such as stolen funds. Modest investments in training and process changes could reduce the likelihood of falling victim.”

Fraudulent instruction attacks also primarily hit middle market organizations, which were the target in 55% of incidents, compared to 24% in Q1. In looking at individual sectors, healthcare, financial institutions, manufacturing, real estate, and education were the most targeted industries in Q2. The full Beazley Breach Insight report including tips on preventing social engineering and business email compromise is available here.