Universities and other educational institutions are a popular target for hackers, most likely due to their large repository of Personally Identifiable Information and research-driven intellectual property. Interestingly, while not among the top three cyber attack tactics used against educational institutions in 2016, Cyber Espionage was in the top three methods of attack for successful breaches, suggesting that skilled state-actors are increasingly focusing their attention on America’s educational infrastructure.

A broad category of businesses that includes everything from financial analysts to insurance underwriting, there is one main element in common in this industry: control over money. As a result, it’s not too much of a stretch to figure out why these businesses would be a target for hackers. Unsurprisingly, nearly all cyber attacks against financial and insurance institutions are motivated by direct financial gain.

The healthcare industry is a veritable treasure trove of information valuable to hackers. Medical records, usually organized in centralized databases or kept on laptops and tablets, have all the information needed to steal an identity. Focusing only on external actors, however, misses a significant threat – 24% of breaches in 2016 were motivated by personal curiosity.

With businesses ranging from software companies to telecommunications companies, cloud-based providers to online gambling, it’s not too much of a surprise to see that the most common attacks consist of attempts to disrupt service. As far as actual data breaches, attacks on the Information sector rely on a wide variety of attacks, making the attacks even harder to prevent.

These are the companies that, per the Verizon 2017 Data Breach Report, “make stuff.” When you “make stuff, there is always someone else who wants to make it better, or at least cheaper.” As you probably imagine, it’s the information these companies have that hackers want. In fact, although only making up 18% of hacking attempts, cyber espionage accounted for 86% of all breaches – of which 91% of the data compromised consisted of industrial/trade secrets.

The Professional group comprises a large number of business types that provide business-to-business and/or business-to-consumer services, from law firms and accounting firms to landscape architecture companies and high-tech R&D. Unsurprisingly, spear phishing attacks with financial motivation as well as attacks using stolen credentials were among the most common attacks. Lack of information on the effect of a significant number of incidents – preventing identification of breaches, possibly – suggests the failure to report breaches remains a problem.

The public sector is difficult to fully analyze, because it is a treasure trove of information. Unlike other sectors, most government agencies are required to report violations, which can create a lot of noise – the fact that a clerk had an unauthorized program isn’t likely to be something that would be reported in other sectors. However, like the Manufacturing sector, the data is interesting for what was tried (see chart), and what succeeded – cyber espionage was the most successful method of actually breaching a public network. Another scary statistic – 60% of the breaches took at least one year to be discovered.

Comprised of both brick-and-mortar and online retailers, the Retail industry as a whole is a popular target for hackers interested in making quick cash. As far as the methods of attack, the prevalence of Denial of Service and Web App Attacks reveals that online retailers are likely to be much more aggressively targeted by hackers, and the most common way online applications are hacked is using customer credentials stolen as part of phishing attacks.