UK industries with the most cyber attacks, survey reveals

UK industries with the most cyber attacks, survey reveals

With cyber crime becoming increasingly prevalent, many businesses may fall victim to cyber attacks, but which sectors have experienced the most? 

With this in mind, Indusface was keen to investigate further, surveying 2,200 respondents from 16 different industries to discover which sector has experienced the most cyber attacks, as well as which type of cyber attacks are the most common among businesses. 

Key findings:

  1. Nearly half (49%) of all UK businesses have experienced a cyber attack.
  2. 78% of the Education sector have experienced a cyber attack.
  3. Over one in four (26%) UK businesses in the Financial Services sector have experienced a cyber attack
  4. Email hacking is the most common form of cyber attack (64% of respondents across all businesses fell victim to it).
  5. Venky Sundar, founder and president of Indusface, also provides their expert insight on the importance of adequate cyber security.

We hope you find this release useful. If you do end up using it, we would appreciate a link to, who commissioned the data. 

Nearly half (49%) of UK businesses have experienced a cyber attack, a new study has found, indicating the evolving threat of cybercrimes to businesses.

The 10 sectors that have experienced the MOST cyber attacks:



Percentage of respondents that have

experienced a cyber attack





Arts, Entertainment and Recreation



Accommodation and Food



Real Estate Activities



Health and Social Care



IT and Communications



Retail and Wholesale






Other Services



Public Sector and Defence


*Please see full survey results and data here

According to the findings, the Education sector has experienced the most cyber attacks, with 78% of businesses reporting this. 

Indusface found that 83% of the Education sector don’t actively train their employees in cyber security — the third lowest percentage after Transport (89%) and Accommodation (97%).

A cyber attack can have highly problematic outcomes for businesses within the Education sector specifically, such as hackers gaining access to an administrator or teacher’s sessions, and confidential personal information. 

The Arts, Entertainment and Recreation sector ranks second, with 68% of respondents  having experienced a cyber attack. 32% of businesses in the sector are not actively training employees in cyber security. 

This can result in Arts, Entertainment and Recreation businesses experiencing email hacking attacks across industries (61.54%).

The Accommodation and Food sector ranks in third place, with 67% of survey respondents reporting that they have experienced a cyber attack. 97% of respondents in this sector are not actively providing employee training in cyber security. 

Email Hacking is the most common form of cyber attack

Almost two thirds (64%) of all survey respondents reported that email hacking was the method used in their cyber attack, suggesting more training needs to be done in this particular area to ensure the industry can keep its systems safe. 

The five sectors that experience the LEAST cyber attacks:



Percentage of respondents that have

experienced a cyber attack


Financial Services



Admin and Support



Professional and Technical








*Please see full survey results and data here

Venky Sundar, Founder and President of Indusface commented on the importance of cyber security investment and training among all business sectors:

“The cyber security of any business, whether an SME or a larger corporation, is vital to its integrity. With technology and the internet being an integral, useful part of how many businesses operate, it is important that every company understands the risks of it being inadequately protected. If cyber attacks occur, a business can suffer from lost business data, a degraded reputation, and potentially a large financial cost.

“While we found that email hacking is the most prevalent, the way it is carried out is very versatile. Phishing is a much talked about threat, however, bot attacks such as account-takeover and credential stuffing could also be used to hack emails and get access to email accounts. 

“The other method is when hackers exploit an SQL injection vulnerability on a table and extract all credentials through the vulnerability. In addition to training all employees on how to evade phishing attacks, organisations will also find it worthwhile to run regular security assessments and implement a WAAP solution to filter out malicious attacks right at the perimeter before the attacks hit the application servers. 

“Finally, it is important to build defences in depth. All systems are to be designed while assuming that they don’t get compromised even in case an email is hacked. This problem is especially bad in the SME space as security software needs to be constantly updated and the acute shortage of talent and resources mean that SMEs run outdated security software products.” 

MEB Media Publishing (UK) Ltd

13 Princess Street,
Maidstone, Kent
ME14 1UR
United Kingdom

Our sister publications

In Security Magazine


Smart Automation Magazine