Introduction to industries


  • This year we looked at 29,207 incidents, which boiled down to 5,258 confirmed data breaches (Table 4). Once again, we break these incidents and breaches into their respective industries to illustrate that all industries are not created equal in terms of attack surfaces and threats. The kind of attacks suffered by a particular industry will have a lot to do with what kinds of infrastructure they rely on, what kind of data they handle, and how people (customers, employees, and everyone else) interact with them.

    A large organization whose business model focuses entirely on mobile devices, where customers use an app on their phone, will have different risks than a small mom and pop shop with no internet presence, but who uses a Point of Sale vendor to manage their systems for them. The infrastructure, and conversely the attack surface, largely drives the risk.

    While keeping that in mind, we caution our readers not to make inferences about the security posture (or lack thereof) of a particular sector based on how many breaches or incidents that industry reports. These numbers are heavily influenced by several factors, including data breach reporting laws and partner visibility. Because of this, some of the industries have very low numbers, and as with any small sample, we must caution you that our confidence in any statistics derived from that small number must also be less.

    As in past years, we have broken down the breaches and incidents by industry in a heat map that categorizes the data into Patterns, Actions and Assets (Figures 95 and 96 respectively). These figures help to answer the “so what?” question in our data, and are useful as indications of which attack patterns an organization is most likely to encounter, given its industry. This, paired with the CIS Controls in each industry section, can be a guide for determining how best to mitigate risk.

| Industry | Incidents: Total | Incidents: Small (1-1,000) | Incidents: Large (1,000+) | Incidents: Unknown | Breaches: Total | Breaches: Small (1-1,000) | Breaches: Large (1,000+) | Breaches: Unknown |
|---|---|---|---|---|---|---|---|---|
| Accommodation (72) | 69 | 4 | 7 | 58 | 40 | 4 | 7 | 29 |
| Administrative (56) | 353 | 8 | 10 | 335 | 19 | 6 | 7 | 6 |
| Agriculture (11) | 31 | 1 | 0 | 30 | 16 | 1 | 0 | 15 |
| Construction (23) | 57 | 3 | 3 | 51 | 30 | 3 | 2 | 25 |
| Education (61) | 1,332 | 22 | 19 | 1,291 | 344 | 17 | 13 | 314 |
| Entertainment (71) | 7,065 | 6 | 1 | 7,058 | 109 | 6 | 1 | 102 |
| Finance (52) | 721 | 32 | 34 | 655 | 467 | 26 | 14 | 427 |
| Healthcare (62) | 655 | 45 | 31 | 579 | 472 | 32 | 19 | 421 |
| Information (51) | 2,935 | 44 | 27 | 2,864 | 381 | 35 | 21 | 325 |
| Management (55) | 8 | 0 | 0 | 8 | 1 | 0 | 0 | 1 |
| Manufacturing (31-33) | 585 | 20 | 35 | 530 | 270 | 13 | 27 | 230 |
| Mining (21) | 498 | 3 | 5 | 490 | 335 | 2 | 3 | 330 |
| Other Services (81) | 194 | 3 | 2 | 189 | 67 | 3 | 0 | 64 |
| Professional (54) | 1,892 | 793 | 516 | 583 | 630 | 76 | 121 | 433 |
| Public (92) | 3,236 | 22 | 65 | 3,149 | 885 | 13 | 30 | 842 |
| Real Estate (53) | 100 | 5 | 3 | 92 | 44 | 5 | 3 | 36 |
| Retail (44-45) | 725 | 12 | 27 | 686 | 165 | 10 | 19 | 136 |
| Wholesale Trade (42) | 80 | 4 | 10 | 66 | 28 | 4 | 7 | 17 |
| Transportation (48-49) | 212 | 4 | 17 | 191 | 67 | 3 | 8 | 56 |
| Utilities (22) | 48 | 1 | 2 | 45 | 20 | 1 | 2 | 17 |
| Unknown | 8,411 | 5 | 5 | 8,401 | 868 | 3 | 3 | 862 |
| Total | 29,207 | 1,037 | 819 | 27,351 | 5,258 | 263 | 307 | 4,688 |

Table 4. Number of security incidents and breaches by victim industry and organization size


    When discussing the industries with a small sample, we will provide ranges within which the actual value may reside. This allows us to maintain our confidence interval while still providing you with an idea of what the actual number might be, had we been given a large enough sample. For example, instead of saying “In the Accommodation industry, 92% of attacks were Financially motivated,” we show that Financially motivated attacks ranged between 86 and 100%. Check out our riveting Methodology section for more information about the statistical confidence background used throughout this report.
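To see why small samples call for ranges, the added example below (not part of the report, and not the report's own method, which its Methodology section describes) applies a 95% Wilson score interval to a hypothetical 92% share observed at the breach counts Table 4 lists for five industries. The choice of interval and the assumption that the same share was seen in every industry are illustrative.

```python
import math

# Breach totals per industry, copied from Table 4 on this page.
BREACHES = {"Management": 1, "Agriculture": 16, "Accommodation": 40,
            "Healthcare": 472, "Public": 885}


def wilson_interval(successes, n, z=1.96):
    """Wilson score interval for a proportion (z=1.96 gives ~95%).

    Assumption: Wilson is used here for illustration only; it is not
    stated on this page as the report's method.
    """
    if n <= 0 or not 0 <= successes <= n:
        raise ValueError("need n > 0 and 0 <= successes <= n")
    p = successes / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def range_for_share(share, n):
    """Round a hypothetical share to whole breaches, then bound it."""
    successes = round(share * n)
    low, high = wilson_interval(successes, n)
    return successes, low, high


def report(share=0.92):
    """Rows of (industry, n, successes, low, high), smallest sample first."""
    rows = []
    for industry, n in sorted(BREACHES.items(), key=lambda kv: kv[1]):
        k, low, high = range_for_share(share, n)
        rows.append((industry, n, k, low, high))
    return rows


if __name__ == "__main__":
    for industry, n, k, low, high in report():
        print(f"{industry:<14} n={n:>4}  observed={k}/{n}  "
              f"range={low:.0%}-{high:.0%}")
```

The range narrows steadily as the breach count grows, which is why a single percentage is reasonable for Public or Healthcare but not for Management or Agriculture.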

  • It is worth noting that some of the industry sections this year may look smaller than usual. This is because we did not want to steal the thunder from the deep-dive analysis we did on the new Patterns. If you are just here for a glimpse of your industry,[73] our recommendation is to verify what the Top Patterns are in the At-a-Glance table accompanying each industry and then spend some time with those pattern sections.

  • We also provide a description of which CIS Controls® from Implementation Group 1 (IG1) to prioritize in each industry section for ease of reading in case you want to get straight to strategizing your security moves.

  • [73] We can’t blame you. Sometimes we eat the dessert first, too.
