Hacked Off: the industries most affected by cyber attacks

The Cyber Security Hub recently produced a study identifying the six most breached industries: professional services (8%), financial (7%), retail (8%), healthcare (24%), accommodations and food services (15%), and public administration (14%).

Each sector has been subject to hacks that have rendered their systems helpless and put both their business interests and customer information at risk. The report includes everything from the type of information stolen to the method of the breach.

In this article, we give a breakdown of the report’s findings and highlight how each industry can strengthen their security:

Healthcare and public administration

Businesses in both these industries are public-facing, which makes the information they possess sensitive. While they may hold financial information, it’s more likely that hackers would steal personal (41% most compromised data for public administration) or medical (79% for healthcare) data – potentially affecting both an individual's privacy and welfare. In the case of healthcare, most breaches were human error (34%), demonstrating a lack of education on proper system usage. In 2017, the NHS was hacked by WannaCry, a virus designed to cause disruption which could have been avoided with basic IT security. Healthcare is the only industry where the top threat is internal (56%) as opposed to external – and as a result would benefit from cyber security experts who specialise in the governance side of protection as opposed to technical.

Public administration is also more at risk from theft of personal data, though the industry is more liable to hacking (52%) than human error. This is a result of them handling (and processing) sensitive data. As the majority of threats this sector face are external (67%), organisations that come under the banner of public administration should consider employing a technical cyber security expert who is able to respond to threats they receive.

Professional services and financial

Professional services typically include legal firms, consultants, accountants and other corporate specialists. They’re at risk of external hacking (70% top threat was external, 50% top breach type was hacking) and the data often stolen is personal (56%) as opposed to monetary, which is ironically the same as the financial industry (36%). Ultimately, both are often unprepared for an assault on their informational wealth.

Law firms by their nature have a substantial amount of data on large clients engaged in legal disputes. The corporate intelligence that these firms hold is significantly more valuable than finances. The Panama Papers story was an excellent example of this; the leak of Mossack Fonseca’s database files was just the beginning of a series of devastating legal firm attacks that globally demonstrated the power of basic IT security.

The financial sector, however, has been much more proactive. In November 2018, the Bank of England ran regular tests nationwide to ensure that banks could withstand a cyber attack. The theory was that information could be extracted from one UK bank causing a ripple effect. This followed the fining of Tesco Bank, who were penalised for allowing a hack that resulted in £2m being stolen from 34 accounts. The Bank of England’s tests were ran by senior cyber experts, demonstrating the demand for technically able cyber professionals in the industry.

Retail, and accommodations and food services

The hospitality sector is almost always hit for the purposes of payment information (93%). Businesses in the food and accommodation industry and retail sector are overwhelmingly at risk of an external attack (99% and 93%, respectively), with the highest breach type being hacking (93% and 46%, respectively). As the threat is so strongly external, a technical expert is necessary to focus on network security and incident event management.

Retail businesses operate in one of the most commonly attacked industries – from giants like Superdrug to the majority of SMEs, a substantial number of organisations have been affected. The issue is, as with most of the industries discussed here, that there isn’t the talent available in-house to address the threat. The compliance expert is typically someone who already works in the HR department of the team, and there’s no employee with the technical skills to maintain the proper protection and find and resolve potential breaches.

Businesses in food services are no exception to this. Aside from the restaurants and bars included in the SMEs targeted, the suppliers and manufacturers are also a prime focus for cyber attackers. Ransomware has been sent as far down the chain as factories. Cadbury’s manufacturing operation in Tasmania, for instance, was crippled by malware in 2017, resulting in the confectionery company dropping 3% in growth in the second quarter.

Clearly, the cost to organisations of all sizes is enormous. Whether ransomware targets your personal files or a major hack destabilises and withdraws your finances, the overall cost can obliterate a business. Even in the milder cases, you may face disruption, damage to reputation and fines for non-compliance.

Partner with Maxwell Bond, Specialist Cyber Security Recruitment Agency, UK & Germany

Want to guarantee protection against cyber attacks? We can help. Our reputation in cyber security across all sectors allows us to identify key talent who can ensure the best solution for your data protection. Just contact one of our consultants today and take the necessary steps to tackling cyber crime.