Threat Actors’ Most Targeted Industries in 2020: Finance, Manufacturing and Energy

Threat Actors’ Most Targeted Industries in 2020: Finance, Manufacturing and Energy

IBM Security’s annual X-Force Threat Intelligence Index uses data derived from across our teams and managed customers to gather insights about the topmost targeted industries every year, helping organizations manage risk and resource investment in their security programs.


When it comes to managing digital risk and facing potential cyberattacks, each industry faces its own unique attack landscape, as different threat actors, motivations, assets and geopolitical events drive adversarial activity in each sector.


To map the most targeted industries, IBM used data insights from 2020 attacks to look at what can be expected in 2021. The data showed finance, manufacturing and energy at the very top of a list of targeted sectors.


Top 10 Industries


Figure 1: Top 10 industries by attack volume, 2020 versus 2019


While finance has been a topmost constituent on that chart for the past five years, the manufacturing and energy sectors saw a hike in attacks, jumping five levels from their respective 2019 rankings, as if turning a pyramid on its head.


Manufacturing — ranked as the eighth most attacked in the 2019 report — jumped to second place in 2020. This may be driven by the interest malicious actors have in targeting infrastructure with connections to operational technology (OT). Similarly, energy jumped from ninth place in 2019 to third place in 2020, further underscoring attackers’ focus on OT-connected organizations in 2020.


Health care jumped from last place in 2019 to seventh place in 2020, probably driven by COVID-19- related health care attacks and a barrage of ransomware attacks against hospitals. Transportation continued to drop in 2020, falling to ninth place, compared to third in 2019. This could be related to less transportation utilization during the pandemic.


Why were the top-ranking sectors attacked that much more in 2020? Attackers could be ..