In the wake of the cybersecurity breach targeting the prominent health care system Ascension, a new study has unveiled the industries most susceptible to cyberattacks. Alarmingly, the healthcare sector has been revealed as the most vulnerable, underscoring the urgent need for heightened security within healthcare companies.
The study conducted by data collection experts SOAX utilized data from the Identity Theft Resource Center on the number of data violation cases from 2020 to 2023 by industry. Each industry has been ranked based on its number of data violation cases in 2023, revealing the industries most at risk. Cybersecurity threats continue to evolve, posing a threat to industries across the United States.
Recent data from 2023 underscores the pressing need for industries to invest in cybersecurity measures, particularly in sectors such as health care and financial services, which emerged as the most vulnerable to malicious intrusions.
The health care industry is the most vulnerable sector, topping the ranking with 809 data violation cases in 2023. This is a staggering surge in incidents, with cases soaring from 343 in 2022 – a 136% increase. Further data revealed that these cases affected 56 million victims within the health care industry, underscoring the profound impact cyberattacks have on the industry.
The financial services industry ranked second most at risk, with 744 reported data violation cases in 2023. Additionally, the sector witnessed a notable surge in cyber incidents, with reported cases skyrocketing from 269 in 2022 to 744 in 2023—a staggering 177% increase, the highest among all industries. Moreover, out of the 744 reported data cases, a staggering 61 million victims were affected, clearly indicating that this industry needs more protection from cybercriminals.
The Professional Services industry ranked third in 2023 with 308 reported cases, which impacted 30 million victims. The sector also experienced a notable increase of 38% compared to previous years, with just 223 reported data violation cases in 2022.
Ranking fourth among the most vulnerable industries is manufacturing, which faced 259 data breach incidents due to cyberattacks in 2023, impacting five million victims.
In 2023, the education sector experienced the fifth-highest count of data breach incidents, affecting four million victims. This marked a concerning surge, with a 73% rise compared to the previous year, witnessing 173 data breach cases in 2023 as opposed to 100 cases in 2022.
Data violation cases and victims due to cyberattacks in the US 2023, by industry:
Rank |
Industry |
Number of data violation cases |
Number of data violation victims |
1 |
Healthcare |
809 |
56,000,000 |
2 |
Financial services |
744 |
61,000,000 |
3 |
Professional services |
308 |
30,000,000 |
4 |
Manufacturing |
259 |
5,000,000 |
5 |
Education |
173 |
4,000,000 |
6 |
Technology |
167 |
65,000,000 |
7 |
Retail |
119 |
10,000,000 |
8 |
Non-profit/NGO |
105 |
10,000,000 |
9 |
Transportation |
101 |
12,000,000 |
10 |
Government |
100 |
15,000,000 |
11 |
Other |
81 |
4,000,000 |
12 |
Wholesale trade |
53 |
297,000 |
13 |
Hospitality |
45 |
6,000,000 |
14 |
Utilities |
44 |
73,000,000 |
15 |
Social services |
15 |
193,000 |
16 |
HR/Staffing |
10 |
239,000 |
17 |
Unknown |
1 |
0 |
18 |
Manufacturing and Utilities |
- |
5,000,000 |
Blank spaces are due to unavailable data.
Among the sectors facing significant risk, the technology industry stands out, ranking sixth in 2023 with 167 data breach incidents. These breaches had a profound impact, affecting a staggering 65 million victims.
The retail sector experienced the seventh-highest number of data breach incidents in 2023, totaling 119 cases. These breaches resulted in ten million victims being affected by cyberattacks.
The non-profit/NGO sector occupies the eighth spot, grappling with 105 data breach incidents and ten million victims in 2023. Following closely in ninth position is the transportation industry, contending with 101 cyberattack-induced cases and 12 million data violation victims in 2023.
Finally, securing the tenth position is the government sector, enduring 100 data violation cases in 2023, impacting 15 million victims nationwide. While there has been a slight uptick from the 74 reported cases in 2022, reflecting a 35% increase, it remains notably lower compared to numerous other industries.
The study also identified the industries that experienced minimal impact from cybercriminal activities. Remarkably, the HR/staffing sector emerged as the least affected, with a mere 10 reported data violation incidents in 2023, affecting 239,000 individuals.
Equally noteworthy is the social services sector, which saw 15 instances of data breaches in 2023, significantly fewer compared to other industries. Consequently, it affected the fewest number of victims, totaling just 193,000 individuals.
Commenting on the findings, Stepan Solovev, CEO & Co-founder at SOAX, says: "The study has identified a concerningly sharp rise in cyber incidents across all US industries in 2023, which is particularly alarming, especially within the health care and financial services industries. These sectors store vast amounts of sensitive information, making them lucrative targets for cybercriminals.
"Maintaining effective cybersecurity practices is crucial for mitigating risks and protecting against potential breaches. It is crucial that organisations within these sectors continue to invest in cybersecurity defence mechanisms. This includes thorough and regular employee training, encouraging staff to stay vigilant against cyber threats.
"The increase in attacks demonstrates that cybercriminals pose an increasing threat. Industries must adapt and evolve with these technological advancements to ensure they are protected from cyberattacks."