Business email accounts faced an increasing amount of cyber attacks in the 2018 second quarter, according to a new report from Beazley.
The report is specific to information handled by the specialist insurer’s Beazley Breach Response Services team.
About 23 percent of incidents reported to BBR were involved with email, with the worst hit organizations using Microsoft’s Office 365 cloud-based productivity product, Beazley found. The attacks also hit broadly across multiple industries.
“Business email compromise attacks are among the most expensive data breaches we see,” Katherine Keefe, head of BBR Services, said in prepared remarks. “Years of emails often need to be combed through to identify personally identifiable information or protected health information that has been compromised. In the majority of cases, multiple inboxes are compromised.”
In April, Beazley’s last report on the issue noted that cyber criminals are targeting business email accounts at an accelerated rate.
These attacks were costly. Larger attacks scale email attacks could cost more than $2 million, particularly if they involved the sending and receipt of personally identifiable information and protected health information, according to the specialist insurer’s findings. Costs would cover legal, forensics, data mining, manual review, notification, call center and credit monitoring.
Beazley noted that even a smaller email cyber attack isn’t cheap, as it can easily surpass $100,000.
Beazley said that turning on two-factor authentication (password and user name, plus unique personal information) can help counter these kinds of email attacks. Another way that works: Disabling the ability for third-party applications to access Office 365.
Here are some other highlights from the Q2 Beazley report:
- Hack or malware attacks (39 percent) and accidental disclosure (22 percent) were the top two causes of data breaches during the 2018 second quarter.
- Hack/malware attacks dipped 3 percent from the first quarter, even as email compromises increased. Beazley said that the slight dip in ransomware incidents in Q2 were the cause.
- For financial services, 49 percent of all data breaches reported to BBR in the second quarter involved hack or malware. This was down from 55 percent in the first quarter. There were more insider incidents, which Beazley said led to the percentage shift.
The full report from Beazley Breach Insights is “Office 365 email attacks continue relentless rise.”