Share of cyberattacks by industry
Source: IBM Security XForce

According to IBM in its X-Force Threat Intelligence Index, the top 10 industries suffering the most cyberattacks in 2020 were:

1. Finance and Insurance

Most Common Type of Attack: Server access attack

Since 2016, the finance and insurance industry has been the most attacked industry. In 2020, attacks increased over 2019 by 238%. Hackers seeking to profit financially from attacks often hit this industry. Paralyzing banks is usually less of a goal with attacks on this industry, but accessing internal systems can yield hefty illicit returns. However, during the pandemic, hackers seeking to paralyze infrastructure including nation-state cyber criminals also hit banking institutions to cause chaos.

2. Manufacturing

Most Common Type of Attack: Ransomware

The attacks against manufacturers doubled in 2020 compared to 2019. 21% of all 2020 ransomware cyberattacks hit the manufacturing industry. However, this industry also saw 4X more BEC attacks than any other industry, and a significant number of data theft attacks. Hackers renewed interest in this industry, likely trying to take advantage of supply chain disruption and operational chaos caused by the global pandemic, as consumers saw (and continue to experience) shortages in manufactured goods.

3. Energy

Most Common Type of Attack: Data theft

35% of attacks in the energy sector involved data theft, while only 6% involved ransomware. This was likely indicative of hacker motivations to hit this industry including IP theft, customer data theft and extorsion. BEC and server access attacks were also notable in this industry.

4. Retail

Most Common Type of Attack: Credential theft

Attacks on the retail industry were actually lower in 2020 than in 2019. This was likely due to fewer retail transactions taking place during the 2020 (less room to hide as a hacker). Retail is typically a target because of the high volume of credit card and financial transactions.

5. Professional Services

Most Common Type of Attack: Ransomware

Professional services saw the highest percentage of attacks from ransomware attacks of any industry. Data theft and server access attacks were also common in 2020. These organizations are typically attractive to cyber criminals because they serve as a path to further victims and often hold confidential data about customers.

6. Government

Most Common Type of Attack: Ransomware

Government received the second highest number of ransomware attacks of the industries, totaling a third of the attacks that this industry faced. Yet, only 38% of state and local government employees have been trained on ransomware prevention. This industry also faced a large burden in moving operations to accommodate work from home environments, as much of this industry had all team members working on site, and was not equipped for moving a remote workforce. Data theft attacks were also notable.

7. Healthcare

Most Common Type of Attack: Ransomware

The healthcare industry suffered twice as many cyberattacks in 2020 than in 2019, likely due to hackers taking advantage of operational chaos caused by the global pandemic, shifts in workforce to cover emergency medical care while furloughing operational and administrative staff due to revenue challenges caused by elective medical services being put on hold. Hackers, including nation-states looking to disrupt and steal data from organizations in this industry, targeted those in medical research and development attempting to invent COVID-19 vaccines, as well as frontline providers.

8. Media

Most Common Type of Attack: Malicious domain name squatting

90% of malicious domain name spoofing attempts targeted the media. This sector includes telecommunications and mobile communications providers, as well as media and social media outlets that can play a critical role in political outcomes, especially during election years. The timing of 2020 being a U.S. presidential election year likely drove this type of attack in this industry.

9. Transportation

Most Common Type of Attack: Malicious insider / misconfiguration

Attacks against the transportation industry were much lower in 2020, likely because everyone was sheltering in place and travel bans existed across the globe during 2020. This industry ranked #3 in 2019 and fell to #9 in 2020.

10. Education

Most Common Type of Attack: Spam / adware

Education has historically been vulnerable to cyberattacks due to a large decentralized surface area of users hard to control with staff and students regularly logging into systems from home to complete and grade course work. However, the user and device based security measures that this distributed surface area drove for security protection before the pandemic, better equipped education for security operations during the pandemic than other industries accustomed to relying on firewall protection.