Cybersecurity Breaches by Industry: Top 3 Targeted Sectors

Cybercrime surged last year. The costs from ransoms, penalties, downtime, and lawsuits hit a record high. Organizations worldwide faced major losses. Lone-wolf hackers are a thing of the past. Now, we face large, skilled cybercriminal groups, ransomware gangs, and state-sponsored threats.

Certain industries attract more cybercriminals. This happens because they handle valuable data or have unique weaknesses that make them easier to attack. With GenAI, Ransomware-as-a-Service, and other tools, bad actors can easily launch attacks. So, no sector or organization is safe from serious cyber threats. 

Discover which sectors may face the most cybercrime threats. Find out how your organization fits into the cybersecurity landscape for 2025.

Standout Statistics

• 43% of organizations lost existing customers as the result of a single data breach. 
• Phishing was the fastest rising attack in 2024, with 42% of organizations reporting incidents. Cybercriminals used generative AI to create more convincing messages. This led to the increase.
• Human users are the most vulnerable threat vector. Verizon’s study revealed that 68% of data breaches came from social engineering. This includes actions like clicking on harmful links or giving credentials to fake requests.
• Only 13% of targeted individuals report phishing attempts to their employer.
• Almost 50% of organizations have unfilled cybersecurity positions.
• A survey by the World Economic Forum found that 71% of small organizations believe their IT teams can’t protect themselves from growing cyber threats alone. 
• Forecasts say the global cost of cybercrime will soar close to $14 trillion by 2028.
• Average losses from a data breach in the U.S. are over $9 million, the costliest in the world.

Cyberattacks target various industries. The top three most likely targets are healthcare, finance, and manufacturing. Here’s why cybercriminals frequently attack those sectors.

Industry #1: Healthcare

Why It’s Targeted

Healthcare records hold great value for bad actors due to their sensitive and specialized data. Examples of Protected Health Information (PHI) include:

• Social Security numbers
• Bank accounts
• Credit card numbers
• Other personal information

Malicious nation-states mine intelligence, intellectual property, and medical research from healthcare organizations. 

Healthcare organizations are prime targets for ransomware attacks. This is due to the high costs of fines and legal fees from security incidents. These costs stem from state and federal privacy regulations.

Key Statistics

• Healthcare breaches are the most expensive security incidents with an average cost of nearly $11 million according to IBM. That’s three times higher than damages suffered by non-healthcare organizations.
• The same study found that healthcare breaches took the longest to clean up, with an average resolution time of almost 300 days. 
• Healthcare groups using AI or automated security tools save nearly $2 million in incident costs. They also reduce resolution time by 100 days.
• The American Hospital Association found that stolen health records sell for 10 times more than stolen credit card numbers on the dark web.
• Ransomware attacks on healthcare groups have nearly doubled since 2021. In 2024, 67% of these organizations faced a ransom attack.

Example Breaches

Change Healthcare suffered one of the most damaging security breaches of all time in 2024. 

In February, the BlackCat/ALPHV gang launched a ransomware attack. This breach exposed the protected health information of almost 100 million people. That number accounted for a staggering 54% of the total breached records across the entire healthcare industry for 2024. Ransomware crippled healthcare billing, claims, and payment operations across the U.S. 

Change paid a $22 million ransom to the attackers, who threatened to sell a massive 6 terabytes of PHI data on the dark web. But the problems didn’t end there. The affiliate who launched the initial attack claimed they were not paid by BlackCat/ALPHV. They subsequently launched a second ransom attack against Change in April of 2024.

The attacks took several months for Change Healthcare and their parent company UnitedHealth Group to recover from. Some providers lost up to $100 million per day due to the disruptions in payments. Change faced lawsuits from state governments and legal actions from other regulators. The total cost of the breach for UnitedHealth soared to almost $2.5 billion.

The investigation revealed that this massive attack was launched through the simple use of deploying stolen credentials.

Mitigation Strategies

The attack on Change Healthcare forced many organizations to take a harder look at their own security measures. Use strategies to reduce ransomware and other attacks. Consider Zero Trust frameworks, conduct regular risk assessments, and strengthen endpoint security.

Zero Trust architecture ensures verified access for each request. It gives limited privileges only to users and systems that need them. This approach helps stop hackers from breaking in.

Using AI or automation to monitor risks and threats helps find vulnerabilities quickly. This lets cybersecurity teams contain threats before they spread throughout the systems.

Stronger endpoint security helps stop attackers. It includes automated patching and offline data backup protections. These measures prevent data from being changed or encrypted.

Industry #2: Finance

Why It’s Targeted

Cybercriminals go after financial institutions. They want to steal valuable assets and sensitive data. Banks, investment firms, and insurance companies are prime targets for fraud. They have important company and client data. This makes them open to identity theft and extortion.

Bad actors often use phishing and social engineering to get into customer accounts or internal systems. Then, they can commit fraud, redirect funds, release ransomware, or launder money.

Key Statistics

• The financial industry was the most targeted of all sectors last year, with a 200% increase in attacks since 2020.
• The average cost of a data breach in the financial sector was over $6 million, the second highest after healthcare.
• The FBI reports that over 80% of banking fraud was the result of identity theft or credential-based attacks.
• Financial services reported five times the number of phishing attacks as any other industry.
• 57% of financial institutions report phishing attempts on a daily or weekly basis.

Example Breaches

In 2024, mortgage lender loanDepot faced a major breach. Hackers revealed personal and financial records of nearly 17 million customers. The attack was launched on January 3, but went unnoticed for almost a day before loanDepot took critical systems offline. 

Fallout from the breach included a class action lawsuit that cost the company $25 million.

Mitigation Strategies

You can cut down phishing attacks by using multi-factor authentication (MFA), training your employees, and setting up fraud detection systems.

Multi-factor authentication keeps hackers out of systems even if they gain access to credentials. You can use time-based passcodes, biometric identifiers, and hardware security keys for extra verification.

Employee training can help prevent phishing scams. Cybersecurity awareness programs and simulated phishing exercises teach employees how to identify and deal with potential threats.

AI technologies help automate fraud detection. They find anomalies and unauthorized access. This reduces the risk of large-scale attacks on financial service companies. 

Industry #3: Manufacturing

Why It’s Targeted

Manufacturing stands out because it often uses legacy systems and technology. These legacy systems can be less secure, making them easier targets for hackers. 

The rise of Industrial Internet of Things (IIoT) devices makes it easier for cybercriminals to target manufacturing companies. Hackers often use phishing to target employees and break into networks. They also attack operational technology.

The manufacturing sector is a prime target for ransomware attacks. This is due to industrial secrets, control systems, and supply chain dependencies. Manufacturing companies often gather a lot of data from customers and supply chain partners. This data is valuable to cybercriminals.

Key Statistics

• Manufacturing accounted for over one-third of all ransomware attacks in 2024, the number one sector in the category.
• 76% of manufacturing attacks affect operational technology.
• Up to 15% of all cyberattacks are related to business and manufacturing partnerships and supply chains.
• Over 70% of manufacturers experienced at least one cyberattack in the last year.
• According to a Ponemon Institute study, 75% of manufacturing organizations use outdated or unpatched industrial control systems (ICS), leaving them highly vulnerable to cyberattacks.
• Verizon’s 2024 Data Breach report found that phishing and social engineering attacks on manufacturers spiked 40%.

Example Breaches

Toyota suffered a series of headline making security breaches in 2022 and 2023. In February 2022, the vehicle manufacturer had to close 14 plants in Japan. A malicious virus caused a major system failure at one of its parts suppliers. The attack was believed to have been launched through phishing or malware attachments and led to the loss of production of 13,000 vehicles.

In December 2023, Toyota Financial Services in Germany shut down its systems. They fell victim to Medusa ransomware. The attackers asked for an $8 million ransom. They wanted this for the return of large amounts of sensitive customer data. Earlier in 2023, Toyota faced issues when they reported that two million customer records were exposed. This happened due to cyberattacks over a span of 10 years.

Toyota shows how cybercriminals target the manufacturing sector. They use different strategies to attack supply chains and customer data.

Mitigation Strategies

Manufacturers face a high risk of cyberattacks. They can reduce this threat by:

• Segmenting operational networks
• Regularly applying patches
• Improving risk management with vendors

Segmenting operational networks stops malware and ransomware from spreading in IT and OT environments. This helps keep important production systems safe. Firewalls and Zero Trust frameworks can also limit the reach of hackers.

Regularly updating industrial control systems and IIoT devices with patches protects against new threats. This also reduces vulnerabilities.

When vendors follow strong cybersecurity policies, it helps reduce supply chain risks. This also prevents disruptions in manufacturing and protects critical infrastructure from cybercriminals.

How Industries Can Prepare

Whatever your industry, being ready for a cyberattack helps stop bad actors from getting into your systems. Using new technologies for monitoring can greatly boost your cyber defenses.

Cross-Industry Best Practices

Implementing proactive risk assessments helps to identify potential vulnerabilities before hackers do. Once weaknesses are identified, developing a structured incident response plan helps to contain threats in the event of a breach. AI and automated tools can be used to monitor threats real time. Training employees to spot phishing and social engineering attacks helps reduce attack vectors.

Adopting Emerging Technologies

AI-driven security and SOAR (Security Orchestration Automation and Response) help cybersecurity teams tackle new threats. AI monitoring detects anomalies and potential threats. It also speeds up response times for cybersecurity teams. SOAR platforms streamline security response by automating detection, investigation, and mitigation protocols.

SOAR helps security teams make custom playbooks for known attack scenarios. This includes ransomware, DDoS attacks, and malware.

Collaboration

Cybercrime losses have surged 300% in the last decade. By 2024, damages may reach nearly $10 trillion. To fight cybercriminals, we need collaboration across industries. Information Sharing and Analysis Centers (ISACs) help organizations share real-time threat data. They also promote best security practices among companies, government agencies, and cybersecurity groups.

Keeping up with real-world attacks helps security teams improve their defenses. This can reduce similar threats from the same bad actors. Working with law enforcement can reduce the time it takes to recover from attacks and track down cybercriminals.

JumpCloud uses the latest tech to boost your organization’s security. It employs Zero Trust frameworks, multi-factor authentication, and device management. 

Contact JumpCloud sales today to learn more about our phishing-resistant security features and automated security technologies. Our centralized dashboard gives your security team full visibility.

Sign up now for a free guided simulation that provides custom solutions for your organization’s security needs.