6 Industries Most Vulnerable to Cyber Attack in 2023

In an age characterized by rapid digital advancements, cyber-attack risk has become increasingly significant. As we navigate the interconnected world, specific industries find themselves in precarious positions, facing the potential of devastating cyber assaults. Today, we shed light on the unsuspecting victims of this crime—the six industries most vulnerable to cyber-attacks. Prepare yourself as we unveil the alarming truth behind the imminent dangers jeopardizing these crucial pillars of our economy.

Key Findings


Manufacturing

For the second consecutive year, the manufacturing industry was on the receiving end of the highest number of cyber-attacks. According to the latest data, it accounted for 23.2% of all reported attacks in 2021, and this share increased to 24.8% in 2022.

Like other industries mentioned below, the manufacturing industry fell victim to the insidious combination of System Intrusion, Social Engineering, and Basic Web Application Attacks.

In the manufacturing industry, the majority of threat actors, accounting for approximately 82%, originate from external sources. It’s also crucial to acknowledge that there is a notable portion, about 19%, of threat actors who are internal, meaning they are individuals or entities within the manufacturing organizations themselves.

Personal data has emerged as the most vulnerable and compromised data type in the manufacturing sector, with 66%, followed by Credentials, with 42%. This shift can be attributed to several factors, including the growing prevalence of automation and the increased ease of cyber attacks.

Additionally, the Asia-Pacific region accounted for the highest number of incidents in the manufacturing sector, representing approximately 61% of the cases. Europe and North America shared the second position, each contributing 14% of the incidents. Latin America followed closely with 8%, while the Middle East and Africa accounted for 4% of the total incidents.

Finance and insurance

In 2022, the finance and insurance sector experienced approximately 18.9% of all targeted attacks across industries, representing a slight decrease from the previous year’s 22.4%.

According to the data, a significant majority of breaches (81%) can be attributed to three leading patterns: Miscellaneous Errors, Basic Web Application Attacks, and Social Engineering.

Personal data has become the most vulnerable and compromised type of information in the finance sector, accounting for 83% of such incidents. Bank-related data follows, at 33%.

Regarding threat actors, internal ones were responsible for 44% of the breaches in this particular industry. Among their activities, the most common occurrences were accidental actions, with 55% attributed to mistakenly sending emails to unintended recipients. On the other hand, external actors accounted for 56%, with credential and ransomware attacks being the most common types.

Professional, business, and consumer services

The professional, business, and consumer services category ranks third in cyber attacks. It consists of professional services, which comprise consultancies, management companies, and law firms; business services, which include IT and technology services, advertising, public relations, and communication; and consumer services, which include home builders, arts, entertainment, recreation, and real estate.

This category has experienced a significant increase in the proportion of victims. The percentage of victims has risen from 8.7% in 2020 and 12.7% in 2021 to 14.6% at present.

More specifically, professional services comprise 52% of victims within this sector, business services account for 37%, and consumer services represent 11%.

Nearly half of the cases (47%) in this particular industry occurred in Europe, followed by North America with a third (33%) of the cases. The Asia-Pacific region accounted for 10%, while the Middle East and Africa had 7%. Latin America had the lowest percentage, with only 3% of the cases falling within this industry.


Energy

In 2021 and 2022, energy organizations, encompassing electric utilities and oil and gas companies, remained a highly targeted industry, ranking fourth in cyber attacks. These attacks accounted for 10.7% of the total, a slight increase from the 8.2% reported in 2021.

Social Engineering has emerged as the prevailing method in cybersecurity breaches and incidents within this sector. Notably, numerous organizations have fallen victim to persistent phishing campaigns. Social Engineering alone comprises 86% of the breaches, overshadowing System Intrusions and Basic Web Application Attacks. Another significant type of attack is Ransomware, contributing to 44% of non-Social Engineering attacks in this industry.

Regarding actor motives, this sector faces relentless attacks from financially motivated actors (78%), followed by espionage.

Globally, North American organizations were the primary targets in 46% of cases, whereas Europe and Latin America each accounted for 23%. Incidents in Asia-Pacific, the Middle East, and Africa comprised less than 5% of the total.

Retail and wholesale

Retail is vulnerable to cyber attacks due to the large amount of customer data it collects, inadequate cybersecurity measures, vulnerabilities in point-of-sale systems, the expansion of online shopping, risks associated with third-party vendors, and potential insider threats. According to the data, the retail and wholesale industry maintained its fifth-place ranking among targeted industries, with 8.7% of total attacks.

System Intrusion, Social Engineering, and Basic Web Application Attacks account for approximately 77% of security breaches in retail. System Intrusion involves unauthorized access to computer systems, Social Engineering manipulates individuals to gain confidential information, and Basic Web Application Attacks exploit vulnerabilities in web applications.

The industry experiences the majority of threat actors from external sources, accounting for 84% of the total. On the other hand, internal threat actors contribute to 17% of the overall threats within the industry.

The data types most commonly compromised in this industry include Payment Card information (42%), which is highly sought after by financially motivated criminals. Personal data is also frequently targeted (41%), followed by Credentials (33%), another valuable type of data often compromised.

The retail and wholesale industry witnessed the most notable attacks in North America and Latin America, both regions accounting for an equal share of 39% each. On the other hand, Europe experienced a comparatively lower proportion of incidents, constituting 22% of the total cases.


Education

The COVID-19 pandemic has undoubtedly accelerated the adoption of hybrid and online education, leading educational institutions to embrace new realities such as cloud-based data storage, online documentation and payments, and digital data sources. While these advancements have facilitated remote learning and streamlined administrative processes, they have also introduced a higher risk of data leaks and breaches compared to the era of physical storage.

According to data, the educational sector is found among the top industries most vulnerable to cyber-attacks, accounting for 7.3% of them. Social engineering has emerged as the prevailing data breach pattern within the education sector, securing the top spot among various malicious tactics. Pretexting stands out as the foremost approach attackers adopt among the diverse social engineering methods, followed by phishing.

Regarding actor motives, this sector faces relentless attacks from financially motivated actors (96%) seeking to infiltrate the data and systems of victims.

External threat actors account for 80% of attacks in the education industry, taking first place. Internal actors make up the remaining 20%.

Regarding regional distribution, the Asia-Pacific region dominated the cases within the education sector, accounting for a substantial 67%. Following behind was North America, comprising 27% of the cases, while Latin America accounted for a comparatively smaller share of 6%.


Methodology

Our analysis was conducted using a rigorous methodology that entailed collecting data from the most recent reports published by IBM and Verizon, which delve into the topic of cyber attacks and their consequences across various industries. To begin, we meticulously examined these reports to extract pertinent information. Our primary objective was to identify the industries that experienced the highest frequency of cyber attacks and the predominant patterns of these attacks. Moreover, we sought to determine the threat actors responsible for such incidents, their motives, and the extent to which data was compromised.


University of the Potomac (formerly Potomac College) is a private for-profit university with campuses in Washington, DC; Falls Church, Virginia; and Chicago, Illinois. It offers Associate of Science, Bachelor of Science, Graduate, and advanced certification programs and is accredited by the Middle States Commission on Higher Education.

Media Contacts

Shqiponje Gashi

Content Marketing Associate
