Cyber attacks: which industries top the hit list?

December 18, 2023
  • The most targeted industries for cyber attacks include critical sectors like energy, health, finance, and retail.
  • Technology, energy, and education were key targets in the first half of 2023, according to Gatewatcher’s analysis.
  • Online retailers and e-commerce are also frequently targeted due to the large amounts of sensitive customer data they handle.
  • State-sponsored attackers tend to target strategically important industries.
  • Regulatory measures are being implemented to ensure the security of critical sectors, such as the Network and Information Security 2 (NIS2) directive and the Digital Operational Resilience Act (DORA).

Hacking is a pervasive issue in our heavily digitized world, and certain sectors are disproportionately targeted. Industries handling valuable information or serving a critical function are the usual victims of such attacks. Such sectors include energy, health, finance, retail, and more recently, technology and education. Retailers, for instance, are attractive to hackers due to the wealth of customer data they manage.

Governments and educational institutions are other targets due to their lack of investment in cybersecurity measures and limited understanding of their importance. In many instances, they are targeted for political reasons or for the substantial amount of data they hold that can provide lucrative returns when sold.

Intriguingly, cyber warfare has expanded beyond traditional cyber criminals to include state-sponsored attackers seeking to strategically disrupt economic and political structures. These groups, backed by national governments, frequently infiltrate prominent organizations in manufacturing and energy, aiming to cause large-scale disruption and damage.

Due to the increasing number and severity of cyber attacks, regulatory measures have been introduced to shield critical sectors. Companies operating in Europe, for instance, should be aware of the Network and Information Security 2 (NIS2) directive and the Digital Operational Resilience Act (DORA), which aim to regulate cybersecurity risk management and reporting.

To counteract these pervasive threats, businesses in high-risk sectors should implement robust cybersecurity strategies, prioritize regular risk assessments, thorough employee training, and solid incident response strategies, and invest in advanced security technology.
