Trends in data breaches across 10 commonly targeted industries
Drata analyzed a report compiled by Verizon to identify trends in data breaches within 10 of the industries most frequently targeted.
If you've ever worked in any number of office jobs, you've probably become familiar with mandatory computer safety training courses and those persistent reminders to change your password every few months.
These efforts are just the first line of defense for protecting companies and organizations from dreaded (and often costly) cyberattacks. The hackers behind these attacks may hold data for ransom or, worse, sell off sensitive business information and clients' personal data. Prominent data breaches have made headlines in recent months, impacting customers of the insurance company UnitedHealth, the investment company Fidelity, and the documentation startup Mintlify.
Drata referenced a report compiled by Verizon to identify trends in data breaches within the industries most frequently targeted. Between Nov. 1, 2021, and Oct. 31, 2022, Verizon tracked 16,312 security incidents for the study, 5,199 of which involved a confirmed data breach.
Attacks are becoming more prevalent: A December 2023 report compiled by Apple says data breaches are at an all-time high, with more breaches occurring in the U.S. in just the first nine months of 2023 than in all of 2022. In particular, hackers seem to be focusing on a "side-door" approach by targeting vendors who provide software or other digital solutions to numerous companies at once. The idea is if they can hack into a vendor's system, they can use that vendor's software to access their clients' data.
A recent example of this was what the Department of Health and Human Services called an "unprecedented" attack on the U.S. health care system: In late February 2024, hackers shut down a UnitedHealth Group medical payment processor. The effects were wide-reaching; UnitedHealth Group's subsidiary, Change Healthcare, processes about half of all medical claims in the U.S., and the attack impacted almost every type of health care provider, from single-practitioner therapy practices to large hospital systems.
The chief executive from First Health Advisory estimated the outage is costing health care providers more than $100 million a day, and the White House intervened to urge the company to provide more emergency funding to doctors and health systems to help them survive the outage.
Most organizations are connected to a third-party vendor that was a victim of a data breach. But "side-door" attacks are just one avenue for hackers to get access to sensitive data. They can attack a company directly using old-school "phishing," in which hackers lie about their identity to try to gain the trust of employees, who may then turn over data. Hackers can use other tactics as well, such as outright stealing credentials (e.g., your login information) or exploiting vulnerabilities within computer and software systems.
External actors—people from outside the organization—accounted for 83% of data breaches tracked by Verizon. Financial motives were the largest impetus, driving 95% of breaches.
Individuals and companies can take various measures to protect their data and systems. IBM recommends using security software, encrypting data, maintaining backups, and limiting data access to only those employees who truly need it.
The following list shows the total number of security incidents in each industry and how many of those incidents involved a data breach. Other data points document the motivation behind successful breaches, the information compromised, and the share of incidents involving external actors, or people from outside the organization.
Public administration
- Total security incidents: 3,273, data breached in 584
- Share of incidents with external actors: 85%
- Motives in successful breaches: Financial (68%), espionage (30%), ideology (2%)
- Information compromised in successful breaches: Personal (38%), other (35%), credentials (33%), internal (32%)
Government computer systems are a treasure trove of personal information, and it's not surprising that hackers see them as a target. According to the Verizon report, this sector also has a high percentage of espionage-motivated actors (i.e., countries spying on each other).
A highly visible example of this sort of espionage was the Chinese spy ballon, which flew over the U.S. in early 2023 until it was shot down. Officials from the Biden Administration have since alluded to some form of counter-espionage by insisting they got more "intelligence out of the device than it got as it flew over the U.S.," according to an NBC news report.
Financial and insurance
- Total security incidents: 1,832, data breached in 480
- Share of incidents with external actors: 66%
- Motives in successful breaches: Financial (97%), espionage (3%), convenience (1%), ideology (1%)
- Information compromised in successful breaches: Personal (74%), credentials (38%), other (30%), bank (21%)
According to the Verizon report, basic web application attacks—in which hackers use stolen credentials or a well-known vulnerability—are a "top pattern" among hackers in this category.
"Poorly picked and protected passwords continue to be one of the major sources of breaches within this pattern," the report says. The takeaway? Listen to your IT friends and change both your work and personal passwords regularly.
Health care
- Total security incidents: 525, data breached in 436
- Share of incidents with external actors: 66%
- Motives in successful breaches: Financial (98%), espionage (2%), fun (1%), ideology (1%)
- Information compromised in successful breaches: Personal (67%), medical (54%), credentials (36%), other (17%)
The UnitedHealth breach may be making headlines right now, but it won't be long before another health care system or insurer will get hacked. Loss of a health care provider's normal software or computer systems can have life-threatening consequences, as they are forced to work without access to their regular files.
Verizon reports that this sector is often targeted by ransomware gangs: groups of cybercriminals who hold data hostage until the victim gives in to their financial demands. In 2019, a ransomware attack allegedly led to a baby's death at an Alabama hospital when the attack knocked out heart-rate monitoring systems.
Professional, scientific, and technical services
- Total security incidents: 1,398, data breached in 423
- Share of incidents with external actors: 92%
- Motives in successful breaches: Financial (96%), espionage (4%), convenience (1%)
- Information compromised in successful breaches: Personal (57%), credentials (53%), other (25%), internal (16%)
This "catch-all" category includes lawyers, accountants, and other business services. "Denial of services"—when a malicious actor blocks legitimate users from accessing their systems—continues to be a top "action" in cyberattacks on this sector, according to Verizon. Additionally, 23% of these incidents were due to ransomware, up from 14% in the previous year's report.
Information
- Total security incidents: 2,110, data breached in 384
- Share of incidents with external actors: 81%
- Motives in successful breaches: Financial (92%), espionage (8%)
- Information compromised in successful breaches: Personal (51%), credentials (37%), other (35%), internal (19%)
External parties with financial incentives continue to cause the most security incidents in this sector. Only 8% were motivated by espionage, compared to 20% last year, according to the report.
Manufacturing
- Total security incidents: 1,817, data breached in 262
- Share of incidents with external actors: 90%
- Motives in successful breaches: Financial (96%), espionage (4%), convenience (1%)
- Information compromised in successful breaches: Personal (60%), credentials (38%), other (37%), internal (18%)
Manufacturing is a tech-heavy field, and companies need protect not only their production line, but also their consumer-facing services.
Customers innocently shopping for cleaning products and storage containers on the manufacturer OXO's website in 2017 and 2018 may have unknowingly fed hackers their payment information. The company reported that its servers were compromised three separate times over those two years. OXO hired a security firm to fix the vulnerabilities and offered those affected a free credit monitoring service.
Educational services
- Total security incidents: 497, data breached in 238
- Share of incidents with external actors: 72%
- Motives in successful breaches: Financial (92%), espionage (8%), convenience (1%), fun (1%)
- Information compromised in successful breaches: Personal (56%), credentials (40%), other (25%), internal (20%)
Think about all the sensitive information that gets exchanged when you apply to a new university. University databases, like the one Stanford kept of doctoral applicants to the economics department, are prime targets for malicious actors.
Retail
- Total security incidents: 406, data breached in 193
- Share of incidents with external actors: 94%
- Motives in successful breaches: Financial (100%), espionage (1%)
- Information compromised in successful breaches: Payment (37%), credentials (35%), other (32%), personal (23%)
The news cycle warns us of "card skimmers" every few months, so hackers targeting retail sales systems may come as no surprise to customers. However, hackers are also attacking your favorite online retail websites.
"Within retail, we often find the 'Magecart'-type actors," the Verizon report says. "These criminals find ways of embedding their malicious code within your site's credit card processing page. This allows them to quietly and subtly abscond with your customers' payment data without actually affecting the functionality of your website."
Accommodation and food services
- Total security incidents: 254, data breached in 68
- Share of incidents with external actors: 93%
- Motives in successful breaches: Financial: 100%
- Information compromised in successful breaches: Payment (41%), credentials (38%), personal (34%), other (26%)
Hackers love to use RAM scrapers, which cull through a computer's short-term memory and can collect lucrative payment data, to target point-of-sale technology. According to Dan Wahl, the senior manager of Restaurant Insurance Solutions at CoverWallet, a restaurant owner's first step should be making sure their payment system complies with the Payment Card Industry Data Security Standard to help protect against these kinds of attacks.
Mining and utilities
- Total security incidents: 143, data breached in 47
- Share of incidents with external actors: 80%
- Motives in successful breaches: Financial (63%–93%), espionage (4%–32%), grudge (1%–21%), ideology (0%–15%), convenience/fear/ fun/other/ secondary (0%–7% each)
- Information compromised in successful breaches: Personal (50%), internal (33%), other (26%), credentials (24%)
Lastly, companies and public entities in the mining, quarrying, and oil and gas extraction and utilities sector provide critical infrastructure that can still be prone to attacks. Just like when they attack other industries, hackers like to use "system intrusion," or multistep processes to break into digital systems, steal data, get out, and then either hold the data for ransom or leak it.
In a drawn-out project, Chinese hackers have stealthily hidden in U.S. infrastructure for up to five years without attacking. If the two countries went to war, this access could turn destructive, according to an NBC News report.
Story editing by Shannon Luders-Manuel. Copy editing by Tim Bruns. Photo selection by Ania Antecka.
This story originally appeared on Drata and was produced and distributed in partnership with Stacker Studio.