Middle-market organisations have been especially hard-hit by online social-engineering attacks during the COVID-19 pandemic, according to a report by specialist insurer Beazley. In the second quarter, cyber criminals targeted businesses where many employees were working remotely, Beazley said.
Of all the social-engineering attacks reported to Beazley Breach Response (BBR) Services during Q2, 60% of targeted companies were in the middle market (defined as more than US$35 million in annual revenue), up from 46% in the first quarter.
Social engineering involving system infiltration remained steady over the first half, Beazley reported. Fortunately, the attack was stopped before direct financial loss occurred in more than 80% of reported incidents.
“Middle-market organisations have been resilient in maintaining their day-to-day operations during the pandemic and, in turn, their employees are more available to be targeted,” said Kimberly Horn, Beazley’s global claims lead for cyber and tech. “Additionally, cyber criminals are executing more sophisticated attacks and middle-market organisations provide richer targets. As our global breach data has demonstrated, if an incident is responded to early enough, an organisation can often avoid a direct financial loss such as stolen funds. Modest investments in training and process changes could reduce the likelihood of falling victim.”
Middle-market organisations were also the primary victims of fraudulent-instruction attacks, being targeted in 55% of incidents, up from 24% in Q1. Healthcare, financial institutions, manufacturing, real estate, and education were the most targeted industries in the second quarter, Beazley said.