SOAX study reveals rising cyber threats to healthcare, finance industries

May 8, 2024
Recent data from 2023 underscores the pressing need for industries to invest in cybersecurity measures, particularly in sectors such as healthcare and financial services.

A new study has revealed the most vulnerable industries to cyberattacks—the healthcare industry has been named the most at risk of an attack.

The study conducted by data collection experts SOAX utilized data from the Identity Theft Resource Center on the number of data violation cases from 2020 to 2023 by industry. Each industry has been ranked based on its number of data violation cases in 2023, revealing the industries most at risk. Cybersecurity threats continue to evolve, posing a threat to industries across the United States.

Recent data from 2023 underscores the pressing need for industries to invest in cybersecurity measures, particularly in sectors such as healthcare and financial services, which emerged as the most vulnerable to malicious intrusions. 

The healthcare industry is the most vulnerable sector, topping the ranking with 809 data violation cases in 2023. This is a staggering surge in incidents, with cases soaring from 343 in 2022 – a 136% increase. Further data revealed that these cases affected 56 million victims within the healthcare industry, underscoring the profound impact cyberattacks have on the industry.  

The financial services industry ranked second most at risk, with 744 reported data violation cases in 2023. Additionally, the sector witnessed a notable surge in cyber incidents, with reported cases skyrocketing from 269 in 2022 to 744 in 2023—a staggering 177% increase, the highest among all industries. Moreover, out of the 744 reported data cases, a staggering 61 million victims were affected, clearly indicating that this industry needs more protection from cybercriminals.   

The Professional Services industry ranked third in 2023 with 308 reported cases, which impacted 30 million victims. The sector also experienced a notable increase of 38% compared to previous years, with just 223 reported data violation cases in 2022.

Ranking fourth among the most vulnerable industries is manufacturing, which faced 259 data breach incidents due to cyberattacks in 2023, impacting five million victims.

In 2023, the education sector experienced the fifth-highest count of data breach incidents, affecting four million victims. This marked a concerning surge, with a 73% rise compared to the previous year, witnessing 173 data breach cases in 2023 as opposed to 100 cases in 2022.  

Data violation cases and victims due to cyberattacks in the US 2023, by industry: 

Rank 

Industry 

Number of data violation cases 

Number of data violation victims 

Healthcare 

809 

56,000,000 

Financial services 

744 

61,000,000 

Professional services 

308 

30,000,000 

Manufacturing 

259 

5,000,000 

Education 

173 

4,000,000 

Technology 

167 

65,000,000 

Retail 

119 

10,000,000 

Non-profit/NGO 

105 

10,000,000 

Transportation 

101 

12,000,000 

10 

Government 

100 

15,000,000 

11 

Other 

81 

4,000,000 

12 

Wholesale trade 

53 

297,000 

13 

Hospitality 

45 

6,000,000 

14 

Utilities 

44 

73,000,000 

15 

Social services 

15 

193,000 

16 

HR/Staffing 

10 

239,000 

17 

Unknown 

1 

18 

Manufacturing and Utilities 

- 

5,000,000 

Among the sectors facing significant risk, the technology industry stands out, ranking sixth in 2023 with 167 data breach incidents. These breaches had a profound impact, affecting a staggering 65 million victims.

The retail sector experienced the seventh-highest number of data breach incidents in 2023, totaling 119 cases. These breaches resulted in ten million victims being affected by cyberattacks.

The non-profit/NGO sector occupies the eighth spot, grappling with 105 data breach incidents and ten million victims in 2023. Following closely in ninth position is the transportation industry, contending with 101 cyberattack-induced cases and 12 million data violation victims in 2023.

Finally, securing the tenth position is the government sector, enduring 100 data violation cases in 2023, impacting 15 million victims nationwide. While there has been a slight uptick from the 74 reported cases in 2022, reflecting a 35% increase, it remains notably lower compared to numerous other industries.

The study also identified the industries that experienced minimal impact from cybercriminal activities. Remarkably, the HR/staffing sector emerged as the least affected, with a mere 10 reported data violation incidents in 2023, affecting 239,000 individuals. 

Equally noteworthy is the social services sector, which saw 15 instances of data breaches in 2023, significantly fewer compared to other industries. Consequently, it affected the fewest number of victims, totaling just 193,000 individuals.

Commenting on the findings, Stepan Solovev, CEO & Co-founder at SOAX, says: "The study has identified a concerningly sharp rise in cyber incidents across all US industries in 2023, which is particularly alarming, especially within the healthcare and financial services industries. These sectors store vast amounts of sensitive information, making them lucrative targets for cybercriminals.

"Maintaining effective cybersecurity practices is crucial for mitigating risks and protecting against potential breaches. It is crucial that organisations within these sectors continue to invest in cybersecurity defence mechanisms. This includes thorough and regular employee training, encouraging staff to stay vigilant against cyber threats.

"The increase in attacks demonstrates that cybercriminals pose an increasing threat. Industries must adapt and evolve with these technological advancements to ensure they are protected from cyberattacks."

Sources: Identity Theft Resource Center (ITRC) – 2023 Data Breach Report  

Methodology:

Data was collected on the number of data violation cases due to cyberattacks in the United States from 2020 to 2023 by industry. These industries were then ranked in order of vulnerability, determined by the frequency of cyberattack occurrences.

Moreover, supplementary data was collected on the number of victims to reinforce the ranking results. 

Data violation cases due to cyberattacks in the US, from 2020 – 2023, by industry:   

Rank 

Industry 

2020 

2021 

2022 

2023 

Healthcare 

306 

330 

343 

809 

Financial services 

138 

279 

269 

744 

Professional services 

144 

184 

223 

308 

Manufacturing 

259 

Education 

42 

125 

100 

173 

Technology 

67 

79 

87 

167 

Retail 

53 

102 

65 

119 

Non-profit/NGO 

31 

86 

72 

105 

Transportation 

21 

44 

36 

101 

10 

Government 

47 

66 

74 

100 

11 

Other 

172 

308 

250 

81 

12 

Wholesale trade 

53 

13 

Hospitality 

17 

33 

34 

45 

14 

Utilities 

44 

15 

Social services 

15 

16 

HR/Staffing 

10 

17 

Unknown 

1 

18 

Manufacturing and utilities 

70 

222 

249 

-