Home

The UK Industry With The Most Cybersecurity Breaches

Nicholas Crouch, Chief Editor at Scams.info

Article by: Nicholas Crouch - Casino Еxpert

Date Published: 18/01/23

The UK Industry with the most cybersecurity breaches

As our use of technology evolves and we become increasingly involved in the cyber world, the frequency of cybersecurity breaches inevitably increases too. It’s very easy to slip into the mindset that “it won’t happen to us”, but unfortunately, every internet user is at risk of these attacks. In fact, the numbers are shockingly high, with an average of 97 cyber crime victims per hour.

Quote about 4 in 10 businesses experiencing security breaches

Introduction

Businesses are common victims of cyber crime, in fact, as many as four in ten businesses (39%) report having experienced cybersecurity breaches or attacks within the last 12 months. The most common types of cyber attacks include:

  • Phishing
  • Malware
  • Ransomware
  • Weak passwords
  • Insider threats

Because of this, Scams.info decided to dive a little deeper into cybercrime against businesses. Using data gathered from the Cyber Security Breaches Survey 2022, we sought to find out which industries suffered the most from cybersecurity breaches in the last year. The results found the following industries to be the most, and least, cyber secure. 

Number of Cybersecurity Breaches in Different UK Industries

Infographic showing the number of security breaches, by industry, in the last year

The Five Industries with the Most Cyber Attacks

5 industries with the most cyber attacks

1. Information and Communication

A staggering 320,060 cybersecurity breaches were reported by respondents within the information and communication sector, making it the industry with the most cyber attacks in the study. This figure makes up over a quarter (27.34%) of the breaches studied over 2022.

Totalling an average of 66.17 breaches per industry employee, IT workers are over three times as likely to suffer a cyber security breach than those in the finance and insurance industry (18.45 average breaches per worker), which comes in second place. On average, IT employees may be experiencing cyber breaches at least once a week.

2. Finance and Insurance

The figure for the finance and insurance industry isn’t looking much better, with 305,785 cybersecurity breaches reported within the last year. This figure makes up just over another quarter of all breaches.

Worryingly, finance and insurance was also found to be the sector most likely to hold personal data about customers, including financial data that could be used to commit fraud or theft.

3. Retail and Wholesale

Retail and wholesale placed as the third least cyber-secure industry, with a reported 183,500 cybersecurity breaches in the past year. This made up 15.8% of all recorded breaches.

With retailers having access to personal data such as credit card numbers and contact information, it is no surprise that 59% of UK consumers that shop online would stop shopping at a retailer if it was the victim of a cyber attack. This highlights the importance of taking measures to ensure cyber safety, as the impact it has on businesses can be crippling.

4. Transport and Storage

Figures remain high for the transport and storage industry, who reported 111,654 cybersecurity breaches within the last year, making up just under a tenth (9.54%) of all breaches.

Traditionally, transport and storage has been all about physical safety and security. It looks like it might be time to expand these operations and focus more on cyber security now, as the transportation industry has been found to be one of the high-value targets for ransomware attacks in recent years. Ransomware attacks involve encrypting a user or organisations files and demanding a ransom payment in exchange for decryption.

5. Education

The education sector accounts for 9.09% of cybersecurity breaches in the last year, with 106,365 reported attacks. The most common type of cyber attack in the education sector is ransomware, with more than 100 schools becoming victims of this crime since 2020. Cyber attackers target this sector due to the sensitive information at stake. The education sector holds a plethora of records about students and faculty.

The average cost of a ransomware payment is estimated to be around £2 million, highlighting the harmful impact of these breaches on the education sector.

The Five Industries with the Least Cyber Attacks

5 industries with the least cyber attacks

1. Hospitality and Food

The hospitality and food industry only accounts for 0.44% of all breaches, with 5,176 in 2022 alone. Although, speaking relatively, this figure is low, it still represents a huge amount of data being lost to cyber attacks.

2. Administration and Real Estate

Administration and real estate follows closely behind, with 5,673 cyber security breaches being reported in 2022 (0.48% of all breaches). The most common cyber attacks in administration and real estate are ransomware, data theft, and phishing.

3. Entertainment and Service/Membership Organisations

The entertainment industry was also found to be one of the more cyber-safe sectors, with 6,238 cyber security breaches recorded in the last year. This makes up 0.53% of all breaches studied.

It’s important to remember that despite being one of the safer industries of the last year, this can only be maintained if businesses and their customers remain vigilant. Online casinos are often used to target attacks. That’s why it is crucial to do your research and only play at safe online casinos that are licenced. For more information, you can also check out our guides on how to spot an online casino scam and the different types of online casino scams to help you stay safe online.

4. Health Care, Social Care, and Social Work

Health care, social care, and social work was found to be the second-most likely sector to hold personal data about customers (after finance and insurance). For this reason, it is even better news that it was found to be the fourth most cyber-secure industry studied in 2022, with only 7,010 breaches reported. This figure makes up only 0.6% of all breaches.

5. Professional, Scientific, and Technical

The professional, scientific, and technical industry holds highly sensitive information regarding medical products and research. It was found to be the fifth-most cyber-secure industry, though 8,370 cybersecurity breaches were still reported in the last year.

Why Are Some Industries More Exposed to Cyber Attacks Than Others?

Some industries exposed to more cyber attacks than others

First and foremost, the biggest motivation for hackers is financial gain. This is why sectors such as finance & insurance and retail & wholesale hold the (albeit unwanted) title of businesses most likely to fall victims of cyber attacks. These industries not only hold a lot of money, but also store sensitive information — such as card details and contact information — that can be used to commit fraud or theft.

Holding sensitive information is another reason why some industries are targeted more often than others. Businesses that hold private data, such as bank details, credit card numbers, personal health information, and personal records are often targeted as this data can be held to ransom (only to be returned in exchange for a large sum of money).

In some cases, hacktivists or extremists will conduct cyber attacks for politically or socially motivated purposes. These usually target controversial industries, with the goal being to publicly deface an organisation or leak their information.

A final reason why some industries are more exposed to cyber attacks than others, and also the most preventable factor, is unpreparedness. It is down to individual businesses to invest time and money into their precautionary measures, and it is clear that some industries take this more seriously than others.

How To Protect Yourself From Cyber Attacks

How to stay protected from cyber attacks

As a Business

  1. Look after your data. The most important thing businesses can do to protect themselves from cyber attacks is to take good care of the data they hold. Take the time to encrypt and back up all data. All networks and databases should be secured by setting up firewalls, and certain data should not be stored in a shared database.
  2. Train your staff in cyber security. Businesses should invest in regular cyber security training for their employees. You can invest in as much software and equipment as you like, but if your staff are not trained in security, these other precautions will be ineffective.

As an Individual

  1. Think before you click. A common tactic used by hackers is pretending to be someone they’re not. For example, online sports betting scams often involve using fake business identities to trick users into handing over betting money. Even if it’s a name you’ve heard before, always take the time to check that an email or link is coming from the person you think it is.
  2. Verify requests for private information from anyone you are unsure about. They should be able to prove who they are, or have their identity verified by someone you trust. You should also check that the request is legitimate. For example, banks will never ask you for your pin number over the phone, so you can be sure that anyone asking you for this data is a scammer.
  3. Use strong passwords. Picking a strong password is like putting an (almost) unbreakable lock on your door. A weak password is more like writing ‘please don’t come in’. A strong password will be more than 15 characters long, unique (never used anywhere else), and contain a mixture of letters, numbers & symbols.

Methodology

  1. Scams.info was interested in identifying the UK industry with the most cybersecurity breaches.
  2. To do so, government data was gathered from the Cyber Security Breaches Survey 2022, which identifies cyber attack information for UK organisations.
  3. Information about the sectors, company sizes and number of data breaches in the past 12 months were collected.
  4. Data was then grouped by sector to produce the approximate total number of breaches, total number of employees and the average number of breaches per employee in that sector.
  5. Where the exact number of employees was missing, the median of the banded range was taken.
  6. The findings were then ranked according to the number of data breaches in the past year.
  7. Data was collected in December 2022 and is accurate as of then.