
The industries most at risk of cyberattacks

09 December, 2021

When it comes to being a target of a cyberattack, there’s something of a misconception commonly held by organisations: namely, that cyberattacks are something that happens to other organisations.

While the news is often full of stories about large global firms getting targeted and falling victim to attacks, the vast majority of attacks focus on small businesses, charities and public sector organisations.

More distressing still, the volumes and frequency of cyberattacks have been increasing at an alarming rate over the last few years, costing businesses significant money and causing major disruption.

Just this week, over 300 Spar stores had to temporarily close due to a cyberattack, with criminals targeting the company that operates the convenience store’s till and IT systems, compromising Spar’s ability to take payment. It’s a stark reminder of why companies need to be vigilant.

Retail, however, is just one industry that is commonly targeted for cyberattacks, with some industries being targeted on a regular basis. These are the industries that are most at risk:

Healthcare organisations

The most significant concern regarding cyberattacks in the healthcare industry is that a successful attack does more than financial or reputational damage: it puts people’s lives at risk.

The healthcare industry has proven particularly susceptible to ransomware attacks, notably the WannaCry attack, which hit more than 60 NHS trusts and ground healthcare to a halt.

Small businesses

Small businesses might not seem a natural target for cybercriminals, especially with significantly greater riches available by targeting bigger firms.

This view, however, fails to take into account how much easier it is to breach a small business than a large one. With little by way of cybersecurity training deployed in many small companies, it can prove a simple task to gain access to their systems.

Research revealed that 43% of cyberattacks targeted small businesses, and phishing attacks aimed at specific targets are very common.

Government agencies

More than a target for cybercriminals, government agencies of all sizes are regularly targeted by nation-states and private hacking organisations due to the confidential and high-value data that is held in government agency records. It is common for hackers to breach system security to steal highly confidential information.

Local councils alone are subject to an average of 19.5 million cyberattacks a year, highlighting the threat level that governmental teams of all sizes face from cybercriminals and fraudsters.

Financial institutions

Banks and other financial institutions are, naturally, an extremely high-value target for cybercriminals. After all, where there’s money, there will always be people willing to steal it.

An incredible one-third of phishing attacks are aimed at financial institutions, costing banks an average of £13m annually in losses and fines.

More than simply financial damage though, breaches of financial sector organisations erode trust between consumers and other institutions.


A recent study found that UK universities are hit by a successful cyberattack every three hours, and 87% of them have experienced at least one breach.

With many universities funding world-leading research, cybercriminals see high-value targets within universities and other educational sector organisations. Hackers have been able to bring education systems down, affecting high numbers of students around the world.

Energy and utility companies

Another industry that has been frequently targeted is energy and utility suppliers. Hackers have been able to stop the supply of energy and hold the companies to ransom, causing severe disruption to the companies and their customers.

According to an analysis from the Department for Digital, Culture, Media and Sport, the utilities sector ranks sixth-highest for mean investment in cybersecurity with an average spend of £5,420 per year. This is despite the sector having arguably the most to lose in a potential attack.

In 2022, it is expected that cyberattacks will yet again increase, making it more important than ever to ensure that, no matter your sector, you have adequate security and training in place to keep your business protected.

Bob’s Business provides highly effective online training that can help small and large businesses to protect their IT systems by empowering employees to take the right actions to avoid falling for scams or compromising data.
