What Were the Most Targeted Industries for Cyber-Attacks in 2023?

Cyber-attacks rarely seem to decrease. In 2023, for example, ransomware victims were doubling globally. In all sectors, no matter what size your organization is, your company will be a target of some form of attack. Phishing is one of the most prevalent. UK figures show that over 80% of companies suffered a phishing attack in 2023. Around the world, there has been a 97% increase in email phishing attacks.

However, some industries may be more at risk of an attack than others.

TitanHQ looks at which sectors are in the sights of cybercriminals and what organizations in those industries can do to protect themselves.

A Who’s Who of Targeted Cyber-Attacks

In 2023, the world saw a series of severe cyber-attacks targeting various commercial and critical infrastructures. The number of breached data records is staggering; research identified 8,214,886,660 breached data records in 2023, pretty much one for every person in the world; many of these records are duplicated.

Some of the attacks that made it to the headlines include the following:

USA: a study into attacks on USA critical infrastructures (CIs) found that threat actors targeted 163 countries, with the USA being the most targeted. In the USA, during 2023, there were 13 attacks per second on CIs, a 30% increase from 2022. But it isn't just critical infrastructures that are at risk. Some headline cyber-attacks on USA soil in 2023 include a ransomware attack on Johnson Controls, a technology provider; hackers demanded $51 million to provide a decryptor and delete stolen data. Attackers also targeted the Shields Health Care Group; cybercriminals managed to gain unauthorized access to the provider's systems, stealing the personal data of 2.3 million patients.

Europe: The European Council records, "10 terabytes of data are stolen monthly, and ransomware is one of the biggest cyber threats in the EU." Europe is a target for Russian-backed state-sponsored hacking groups because of the war in Ukraine. Some examples of large-scale cyber-attacks on European companies include the UK's Royal Mail, which was hit by a ransomware attack, the hackers demanding almost $80 million to return stolen data. In early 2024, France Travail was a victim of a data breach that affected 43 million people.

Asia-Pacific (APAC): Shocking data from the Global Intelligence Office report Navigating Cyber 2024 has found that 1 in 20 APAC companies were ransomware victims in 2023. Vectors of attack included social engineering, SEO poisoning, malvertising (infected online ads), and QR code phishing. Significant attacks recorded in the APAC region in 2023 include Latitude Financial. The Australia FI suffered a data breach affecting 14 million customers when an attacker used employee login credentials to access the data.

The number of breached data records is staggering; research identified 8,214,886,660 breached data records in 2023, pretty much one for every person in the world.

IT Governance

Industries at Risk from Cyber-Attacks

Globally, cyber-attacks continue to affect all sectors aggressively. However, a report into the most targeted industries is worrying for most sectors. The top sectors most targeted for cyber-attacks in 2023 are listed as:

1. Healthcare (809)
2. Financial services (744)
3. Manufacturing ** (data for 2022 - 249)
4. Professional services (308)
5. Education (173)
6. Technology (167)
7. Government (100)

** Based on 2022 data, Manufacturing will likely to be third on the list. However, 2023 data still needed to be included.

Looking at the increase in attacks between 2022 and 2023 shows a different picture:

1. Financial services - 439.1% increase.
2. Education - 311.9% increase.
3. Healthcare - 164.4% increase.
4. Government - 112.8% increase.
5. Technology - 91.9% increase.
6. Professional services - 32.2% increase.

The percentage increase in attacks may show increased targeting of a specific industry sector. Alternatively, the sectors with a lower increase could be taking more effective precautions. It could also be a combination of both of these factors.

Further research by Kroll concurs with the data above, showing that the financial sector experienced an onslaught of cyber attacks in 2023. The report highlights that social engineering and phishing scams are rising. Notably, QR code phishing has been increasingly used in scams targeting the sector.

In the education sector, reports such as the UK Government's "Cyber security breaches survey "identified a massive surge in attacks on educational establishments in 2023. Almost 85% of higher education and 82% of further education suffered from data breaches or other cyber-attacks.

In addition to the most targeted industries, some are particularly prone to phishing. TitanHQ research has found that industry sectors, including biotechnology and government, are more susceptible to phishing than others. 

Whatever industry you work in, your company is at risk of a cyber-attack of some form or another. From ransomware to DDoS to Business Email Compromise (BEC), social engineering and phishing are often the starting points of an attack. Putting measures in place to protect your organization is not a nice to have; it is a must.

Protect your Company from Cyber-Attacks

Having a company strategy that uses a layered approach to cybersecurity is the best starting point you can take. A hard stance on security must begin with your employees. Train your staff to identify phishing attempts. Use security awareness training that is behavior-led. Deploy phishing simulation exercises, and soon, you will see a difference. TitanHQ research saw a 92% drop in phishing susceptibility when employees use an automated security awareness training solution like SafeTitan. Add to this an AI-powered anti-phishing and social engineering solution, like PhishTitan, and you can expect to mitigate many threats targeting your sector.

Cybercriminals will use every trick in the book, including manipulating your staff through social engineering and phishing. Through real-time analysis and threat assessment, PhishTitan neutralizes Business Email Compromise (BEC) and spear-phishing scams before they begin.

Talk to TitanHQ to prevent these targeted employee email attacks.