Specialist insurer Beazley’s third quarter 2017 Breach Insights
report, released today, 24 October, reveals the rapid growth of social
engineering* attacks – scams involving deception – as a cause of
data breaches reported to the insurer by its clients.
Fraudsters use social engineering attacks to prey on employees’
roles in their companies in order to orchestrate the disclosure of
sensitive information or the wire transfer of money to criminal
recipients. These exploits generally take one of two
forms. The first, W-2 scams, typically occur during the
months leading to tax filing deadlines when criminals use targeted
emails to persuade a specific company employee to forward copies of
all the company’s employees’ W-2 forms. This often results in
the criminals filing false tax returns, based on the improperly
forwarded W-2 information, to claim refunds. The second
category, fraudulent instruction, occurs when a fraudster
impersonates a trusted party, such as a company executive or a
payment system vendor, to cause a fraudulent payment, often a wire
transfer, to be made into the fraudster’s account.
In the first three quarters of 2016, social engineering attacks
accounted for only 1% of the incidents handled by Beazley Breach
Response (BBR) Services, Beazley’s dedicated in-house team that
helps clients manage data breaches. This soared to 9% of the
2,013 incidents reported to BBR Services in Q1-Q3 2017.
Professional service firms had the highest percentage of social
engineering breaches followed by financial institutions and higher
education institutions.
Social engineering breaches by industry sector reported to Beazley Q1-Q3 2017
Professional service firms: 18%
Financial institutions: 9%
Higher education: 9%
Healthcare organizations: 3%
Hacking and malware remained the most prevalent cause of data
breach during the first nine months of 2017 at 34% of the total
reported to Beazley. Hacking and malware includes cyber extortion
which accounted for 30% of these attacks. Unintended disclosure
remained a major cause of breaches, despite having dipped slightly
from 35% in Q1 2017 to 29% for the first nine months of
2017.
Katherine Keefe, global head of BBR services, said: “Social
engineering can be quicker, easier and cheaper to implement for
cybercriminals than stealing data and can be much more
lucrative. As a leading data breach insurer, Beazley is
concerned at the rapid development of this trend. We are urging our
clients to implement tighter security and internal process
controls, such as a requirement for dual authorization, and ensure
that their employees are fully trained to spot potential attacks in
order to reduce the chances of this happening.”
Raf Sanchez, international breach response service manager at
Beazley, noted that trends seen in the US are also playing out in
the UK and continental Europe. “Phishing and social
engineering continue to be the main sources of attack, with higher
education establishments and the public sector, which often hold
the most sensitive and therefore the most valuable data,
particularly affected”, he said.
Healthcare – unintended disclosure losses unabated
At 41% of the total number of breaches reported to Beazley by
organizations in the healthcare sector, the high level of
unintended disclosure is unabated and remains more than double that
of the second most frequent cause of loss, hacking or malware
(19%). Beazley also noted an upturn in the number of data
breaches caused by insiders, up from 12% of the total in 2016 to
15% in 2017.
Higher Education – mailbox vulnerabilities exposed
Phishing remains a prevalent cause of data breach for
institutions in the higher education sector. Higher education
incidents so far this year have involved one specific type of
phishing scheme targeting employee direct deposit instructions.
Attackers gain access to an employee's email inbox through
phishing, determine the type of payroll/HR system that the
institution uses, request a password reset for the employee’s login
to the system, and divert the electronic deposit of the employee’s
paycheck.
Professional Services – social engineering the fastest growing cause of breach
For professional services organizations the highest percentage
cause of breaches in Q1-Q3 2017 was hacking and malware at
48%. However, social engineering has emerged as a worrying
trend, accounting for 18% of all breaches reported to Beazley by
firms operating in this sector, and almost double that recorded for
financial institutions and higher education
establishments.
Financial Institutions – hacking and malware on the rise
Hacking and malware attacks as a proportion of the total number
of data breaches reported to Beazley by financial institution
clients rose to 46% in the first nine months of 2017, up from 40%
in the same period in 2016. Consistent with the overall
findings of Beazley’s Breach Insights report for the third quarter
2017, social engineering emerged as the fastest growing trend,
representing 9% of all breaches.
About Beazley Breach Response (BBR)
During the first nine months of 2017, Beazley Breach Response
Services, Beazley’s in-house team of breach response experts,
managed 2,013 incidents on behalf of clients, compared to 1,943
incidents during the whole of 2016.
Beazley has helped clients handle more than 7,000 data breaches
since the launch of Beazley Breach Response in 2009 and is the only
insurer with a dedicated in-house team focusing exclusively on
helping clients handle data breaches. Beazley's BBR Services team
coordinates the expert forensic, legal, notification and credit
monitoring services that clients need to satisfy all legal
requirements and maintain customer confidence. In addition to
coordinating data breach response, BBR Services maintains and
develops Beazley's suite of risk management services, designed to
minimize the risk of a data breach occurring.
-ends-
Note to editors:
Beazley plc is the parent company of specialist insurance
businesses with operations in Europe, the US, Canada, Latin
America, Asia, the Middle East and Australia. Beazley manages six
Lloyd’s syndicates and, in 2016, underwrote gross premiums
worldwide of $2,195.6 million. All Lloyd’s syndicates are rated A
by A.M. Best.
Beazley’s underwriters in the United States focus on writing a
range of specialist insurance products. In the admitted market,
coverage is provided by Beazley Insurance Company, Inc., an A.M.
Best A rated carrier licensed in all 50 states. In the surplus
lines market, coverage is provided by the Beazley syndicates at
Lloyd’s.
Beazley is a market leader in many of its chosen lines,
which include professional indemnity, property, marine,
reinsurance, accident and life, and political risks and contingency
business.
For more information please go to: www.beazley.com
Deborah Kostroun
Ketchum New York
Deborah.kostroun@ketchumzito.com
Kathryn Perry
Ketchum Canada
Kathryn.perry@ketchum.com