Middle market firms have become the major target for cybercriminals as employees become more exposed to new attacks.
Specialist insurer Beazley has reported that middle market organisations have been especially hard hit by online social engineering attacks during the pandemic. It found in the second quarter of 2020, cybercriminals targeted businesses that remained open during lockdown where many employees were working remotely, making them more susceptible to cyber attacks.
Kimberly Horn, Beazley’s global claims team lead for cyber & tech, said: “Middle market organisations have been resilient in maintaining their day-to-day operations during the pandemic and, in turn, their employees are more available to be targeted. Additionally, cybercriminals are executing more sophisticated attacks and middle market organizations provide richer targets.
“As our global breach data has demonstrated, if an incident is responded to early enough, an organization can often avoid a direct financial loss such as stolen funds. Modest investments in training and process changes could reduce the likelihood of falling victim.”
Of all the social engineering attacks reported to Beazley Breach Response (BBR) Services globally in Q2, 60% of organisations targeted were in the middle market (defined as over $35 million in annual revenue), up from 46% in Q1.
Social engineering involving a system infiltration remained at a steady rate in the first half of the year. Fortunately, in more than 80% of reported incidents, the attack is stopped before a direct financial loss occurs.
Fraudulent instruction attacks also primarily hit middle market organisations, which were the target in 55% of incidents, compared to 24% in Q1. In looking at individual sectors, healthcare, financial institutions, manufacturing, real estate, and education were the most targeted industries in Q2. The full Beazley Breach Insight report including tips on preventing social engineering and business email compromise is attached.