What are the most-targeted industries for cyber attacks?
What makes the most-targeted industries for cyber attacks such common victims, and what can they do to shore up security?


Every business is a potential target for cyber attacks, but hackers choose targets in some industries more than others. The most targeted industries for cyber attacks often include firms operating in “critical” sectors like energy, health, and finance, which are targeted by both for-profit hacking groups and state-backed adversaries aiming to do damage to international rivals.
Other industries are targeted because of the lucrative information they hold – retail is a top target for cyber attacks and law firms are often singled out for the same reason. Meanwhile government agencies, councils, and educational establishments often find themselves in hot water due to under-investment and lack of understanding of the importance of security.
Three industries stand out as key targets in the first half of 2023: technology, energy and education, according to recent analysis by Gatewatcher.
Gatewatcher CEO Jacques de la Riviere tells ITPro that schools and universities “suffer from a significant and recurring lack of resources, investment, and staff – and they offer criminals a lot of return”.
“There is access to a database of student and teacher accounts, confidential information that could be resold and technological and engineering data at research establishments.”
Why critical national infrastructure is targeted for cyber attacks
Firms operating in so-called critical national infrastructure (CNI) sectors such as energy, water, transport, and health can find themselves at the top of the cyber-attack target list, with former National Cyber Security Centre (NCSC) chief Ciaran Martin having warned in March 2023 that CNI is the next big ransomware target. Financial institutions, cryptocurrency exchanges, and fintech organizations are also considered a prime target, says James McQuiggan, security awareness advocate at KnowBe4. “These organizations handle large amounts of financial information, including sensitive data such as credit card numbers.”
The healthcare industry is also a popular target for hackers, partly because it handles information including medical records. “Cyber-criminals recognize that healthcare systems are maintained by the government or regulatory bodies and are sometimes challenged by slow-moving technological and implementation processes,” McQuiggan adds.
Manufacturing and energy sectors are vulnerable to hacking and McQuiggan describes how they are more likely to be singled out by hackers. “Year after year, manufacturing organizations are a top target for nation states as they work to disrupt, damage, or destroy manufacturing, energy, and other critical infrastructure organizations,” says McQuiggan.
Outside of CNI, online retailers and e-commerce sites also handle large amounts of sensitive customer data, making them vulnerable to attack. In some cases, the reason for attacks is obvious. Attacks on CNI sectors such as energy firms are “a very political act” that can cause physical damage, says Ian Thornton-Trump, CISO at Cyjax.
Sectors that fall under this header, including energy and water firms, often use technology that was never meant to be connected to the internet, increasing the risk. It’s this exposure and the legacy technology they use that can cause “spectacular impacts” such as shutting down a critical power system, Thornton-Trump says.
Stuxnet, the infamous computer worm that caused physical damage to Iran’s nuclear centrifuges in 2010, is a prime example.
The threat state-sponsored groups pose to industries
Attackers themselves are a diverse bunch, spanning nation-states through to cyber-criminals and hacktivism groups. State-sponsored attackers are typically directed by national governments and often target “strategically essential industries”, such as manufacturing and energy organizations, says McQuiggan.
Philip Ingram MBE, a former senior British Military Intelligence officer, describes how different nation-state adversaries target businesses. “International entities linked to nation-state priorities are themselves a potential target.”
One nation-state adversary to look out for is Iran, says Ingram. “It has a huge cyber capability but this is focused on specific areas: the first is Saudi Arabia and any infrastructure linked to the Saudi government including large corporations such as the oil giant Aramco.”
Iran also focuses on US defense targets, as well as CNI and financial institutions, Ingram adds. Meanwhile, Russia aims to have a disruptive political impact, targeting CNI, healthcare and financial institutions, says Ingram. “The aim is to create upset and undermine current government activity, leading to political pressure being applied.”
Chinese cyber attacks tend to focus on victims that offer a technical and therefore economic advantage. “Universities, research institutes, large technology, pharma companies, defense industries, and economic institutions are all high priority targets for Chinese cyber activity”, Ingram explains.
At the same time, North Korean cyber attacks typically aim for financial institutions and crypto firms, says Ingram. When it comes to individual North Korean groups, a famous example is Lazarus, which targets organizations in the financial industry and is known for the WannaCry cyber attack that laid waste to the NHS and is still wreaking havoc today.
The BlackCat ransomware gang, also known as ALPHV, is notorious for targeting companies in the financial, legal, and professional services industries, says Kevin Curran, senior IEEE member and professor of cyber security at Ulster University. “The group uses a combination of advanced techniques in attacks. They initially infiltrate networks using the Emotet botnet and Log4Shell vulnerability and redirect users to malware-laden pages via hijacked legitimate websites.”
Regulating to protect the most-targeted industries
Given the number of specific targets for attack, it’s no surprise that regulation is emerging covering the security of critical sectors. For example, firms operating in Europe should be looking out for the Network and Information Security 2 (NIS2) directive and the Digital Operational Resilience Act (DORA).
“NIS2 focuses on stepping up cyber security risk management and incident reporting across critical sectors in the EU, while DORA zeroes in on the financial sector and its supply chain, demanding better handling and reporting of IT risks,” says Cliff Martin, head of cyber incident response at GRCI Law.
Among its stipulations, the NIS2 Directive places the onus on organizations to adopt protective measures, share information on cyber threats, and comply with stricter supervisory requirements, says McQuiggan.
Beyond regulation, highly-targeted industry sectors should implement a robust cyber security strategy to safeguard their organization against threats, says David Emm, principal security researcher at Kaspersky.
In addition, he says, organizations need to fortify network and endpoint security, encrypt sensitive data, and “continuously monitor for potential threats, utilizing threat intelligence sources to stay informed”.
For high-risk sectors, a layered approach to security is crucial, agrees Martin. “It’s vital that organizations are confident in their ability to detect and handle incidents as well as to prevent them. This means regular risk assessments, thorough employee training, solid incident response strategies and investing in cutting-edge security tech.”
Kate O'Flaherty is a freelance journalist with well over a decade's experience covering cyber security and privacy for publications including Wired, Forbes, the Guardian, the Observer, Infosecurity Magazine and the Times. Within cyber security and privacy, her specialist areas include critical national infrastructure security, cyber warfare, application security and regulation in the UK and the US amid increasing data collection by big tech firms such as Facebook and Google. You can follow Kate on Twitter.