A new report from Kroll has found that the healthcare and financial sectors remain the leading focus for data breaches. However, trends in the technology sector suggest that hackers may be changing their tactics for the year ahead.

A growing number of studies highlight the healthcare and financial sectors are leading targets for fraud and cyber-attacks. The sensitive nature of the information firms in either sector boast mean it is extremely lucrative – something which means healthcare in particular is top of the average cost for a data breach when compared to other verticals and by some margin.

A new study from Kroll has further confirmed this – with the firm’s 2023 Data Breach Outlook report having analysed thousands of third-party related breach incidents as well as the industries that were the most breached. Once again, the researchers found that finance and healthcare companies were the most common targets of data breaches in the last year.

Source: Kroll

The sectors made up a combined 47% of all breaches in the last year. While healthcare saw its portion fall from 22% to 20%, that is still much higher than average – while finance saw its rate of breaches spike to 27%, from 19% the previous year.

There were other sectors which also saw alarming booms in breaches in 2023. Professional services accounted for just 3% of breaches in 2022, but that grew to 12% in the last year, while retail shot up from 7% to 11%. These figures suggest a diversification in the tactics of hackers – potentially because the interconnected state of modern business means there are many new routes to take when tackling a target.

That most directly relates to the technology space – where the number of breaches grew by 40% year-on-year. This saw technology firms make up an increased 8% of all breaches in the last year – doubling from its 2022 portion.

Source: Kroll

Further investigation into the data suggests that customers are in tune with this changing dynamic – and are also aware of the personal cost they could have in the coming period. The study found that consumers are significantly more concerned about the data breaches of the technology industry.  

The highest number of incoming calls related to data breaches came from the technology sector – 53%, compared to 19% in the healthcare sector, and 12% in finance. Technology breaches also led to the highest number of consumers who took up identity protection – often a combination of identity and credit monitoring – of 68%.

Kroll concluded this was likely connected to one famous cyber-attack from 2023 – the MOVEit transfer vulnerability. Cited by the firm as “a perfect example of the ripple effect one attack can have on an ecosystem of connected companies”, the Colorado Department of Health Care Policy and Financing said a data breach it suffered in 2023 due to the exploitation of a zero-day vulnerability in the MOVEit Transfer web application affected more than 4.6 million people – and highlighting how targeting technology firms in a health or finance ecosystem could yield a more effective route into a company’s data for hackers.