UK Cyber-Attacks by Industry

Posted on Friday, December 31, 2021

Cyber-attacks in the UK continue to surge and a recent report on cybersecurity breaches in 2020 show that around 46% of businesses reported suffering from digital security breaches within the 12 month period. 

Cybercrime was already a growing threat but the global pandemic over the past two years has resulted in greater use and reliance on digital communication tools and services. This has fueled even steeper rises in reported cyber attack cases. The study also found that 17 percent of businesses were not keeping antivirus software up to date, allowing for potential weak spots hackers can expose. 

Another pandemic specific issue has been the increase of personal device use for business. Working from home, flexible working, and reduced time in the physical office has led to 47% of staff to use personal devices for work activities. 

Just under 20 percent of the businesses surveyed in the report did not have security policies in place for the specific purpose of protecting against issues that can arise from the use of personal devices for business purposes. 

Phishing attacks continue to grow

More industries are facing phishing attempts. Phishing attacks are very popular with criminals because they are a simple and effective way to target businesses. Reports indicate 86 percent of businesses face this kind of threat. The result is that digital tools including email are at risk and sensitive and financial data can be accessed. 

The increased use of personal devices for work purposes has also given hackers many more access points for phishing attacks. 

Industry specific threats 

While the overall numbers show a general growth across all sectors for cybercrime, and a huge number of businesses are at threat of data breaches, some industries are targeted more than others. Let’s look in more detail at the main industries that are currently most at risk of cyber-attacks.

Legal Industry

The top 100 law firms in the UK are facing more attacks. In 2013, 45 percent of the top 100 firms faced a threat, in the most recent financial year that number had risen to 73 percent of the top 100 firms. 

Law firms are an obvious target for cybercriminals because they hold a lot of sensitive data on clients that could be valuable for a hacker. 

Increased remote working has played a role for more cyberattacks, because a lot of the work done by law practices is on computers and office based. 

Surprisingly there are also many organizations in the law industry that do not have IT security infrastructure and cybersecurity policies that meet the required standard.

By applying the correct IT hardware and software infrastructure, alongside applying stricter policies, many law firms could strengthen their protection against hackers.  

Staff cybersecurity training, regular updates, backups, antivirus, and remote working policies are other areas that can be looked at to tighten defences against potential data leaks. 


Government agencies and councils are big targets due to political, financial, and personal motivations. There’s a lot of data held by governments that cyber criminals would like to obtain. The sort of sensitive information the government holds is vast, but includes data such as fingerprints, passport numbers, and national insurance numbers. Some government IT Systems have vulnerabilities, and are not as secure as you might expect. 

Hackers often gain access via government employees who inadvertently share information or introduce malware or spyware onto networks.


Healthcare might not seem like an industry that hackers would target but bad actors can have all kinds of motivations to cause disruption and chas in healthcare settings. The cyber-attacks on healthcare organisations usually look to obtain patient data and use the data in a ransomware attack unless they are paid a certain sum of money. 

As a result healthcare providers need to be vigilant and maintain software updates for the OS, antivirus, and applications they use.  They should also look into staff cybersecurity training, training on spotting phishing scams, and planning regular backups. By saving data regularly you can help minimise impact on ransomware attacks as the data can be restored. Not  

Small Businesses

Large corporations are targeted by hackers because it can often be a big payday. The downside fro the hackers point of view is that large businesses tend to have stronger defences and be more proactive in defending against cyberattacks. 

Many small businesses however do not have the finances, infrastructure, or awareness to have robust protection against hackers. 

It has been estimated that small UK businesses face a combined 65,000 cyber-attack attempts every day. The cost is an average of £26,000  to repair the damage, and that does not include the reputational damage and loss of trust from customers in your business.  

Manufacturing & Food

More points in the food production and manufacturing process have been made digital. As a result they’re attractive industries to target. In particular industries such as pharmaceutical, electronics, and automotive, tend to have older IT systems without the same levels of security. These businesses tend to hold valuable information and intellectual property that hackers can target. 


About Mustard IT, your security partner

Mustard IT is a trusted team, experienced in security and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.