Managing Editor, IFSEC Insider

Author Bio ▼

James Moore is the Managing Editor of IFSEC Insider, the leading online publication for security and fire news in the industry.James writes, commissions, edits and produces content for IFSEC Insider, including articles, breaking news stories and exclusive industry reports. He liaises and speaks with leading industry figures, vendors and associations to ensure security and fire professionals remain abreast of all the latest developments in the sector.
January 28, 2020


Lithium-Ion batteries. A guide to the fire risk that isn’t going away but can be managed

Cyber security

Which sectors are most vulnerable to cyber attacks?

A new report from OGL Computer reveals how technology decision makers at UK SMEs are prioritising cyber security to ensure business continuity and growth, as well as detailing which verticals are most vulnerable to breaches. 

The report also highlights newer technologies such as robotics and AI that SMEs plan to adopt, how SMEs are using technology to power remote workforces and what technologies they are adopting for growth. Cyber security features heavily in the report, with respondents revealing attack frequency, cyber strategy status and employee training to combat hackers.

The vast majority of UK SMEs (81%) confirmed that they had suffered a data breach or cyber attack, with a considerable two in five (37%) admitting they had suffered multiple breaches. One respondent said his SME suffered at least eight attacks.

Industry verticals had a significant bearing here, with the healthcare, IT & telecoms and legal industries topping the list of those suffering multiple attacks.

The top six verticals where respondents had more than one breach, by vertical:



Sector2 breaches3-4 breaches
IT & Telecoms75%24%
HR & Recruitment62%37%
Manufacturing & Utilities57%42%

Reasons to attack key industries


Public sector healthcare providers are particularly susceptible to supply chain attacks that exploit the chain of trust, targeting the valuable personal data which healthcare providers store and process. Suppliers can be seen as more vulnerable and an easier route for attackers to gain access to a more lucrative target. Hospitals store an incredible amount of valuable, confidential patient data which hackers can sell on easily – making any supplier to the industry a target.

IT & Telecoms

Some IT companies may store large amounts of sensitive customer data, while cloud storage and computing service providers, developers of security software, or file-sharing solution providers, are often the targets of supply chain compromise attempts.

Direct attacks seek to access the organisation’s network operations and data while indirect attacks target subscribers within the telecoms sector. SME suppliers may be a gateway into the network – once inside, cyber criminals can easily access data and intercept calls, as well as control and impersonate subscribers.


The legal sector is particularly vulnerable to cyber attacks due to the volume of data, sensitive information, financial responsibility and authority held. If a law firm specialises in corporate or property law, they are at increased risk, as the potential for financial gain is greater. Although the main reason law firms are targeted is for financial gain, there is also a growth in bad actors using cyber attacks to achieve political, economic or ideological goals.

HR & Recruitment

Payroll fraud, recruitment scams, corporate espionage – cyber attackers have found numerous routes into organisations via HR. Any identifiable information is valuable to criminals, and payroll and other HR systems are a treasure trove of names, addresses and bank details. If this is compromised, not only can it affect individual employees, it also gives attackers more ammunition with which to increase the likelihood of a successful attack on other parts of the business.

Additionally, recruitment agencies are prime targets for malware. If hit by a data breach, employment agreements and sensitive documents such as passport scans and visa details are all left exposed.


The manufacturing sector, which includes automotive, electronics, and pharmaceutical companies, has always been a vulnerable industry when it comes to cyber crime and security breaches. This is because intellectual property is incredibly valuable, and often manufacturing firms rely on highly specific software packages that are difficult to patch against recent exploits, making them highly vulnerable to attack.


The threats facing organisations working directly and indirectly with the finance sector go far beyond simple theft. Cyber threats facing banks, insurance companies, asset managers and similar organisations range from basic consumer-grade malware all the way up to highly targeted attacks from organised criminals and state-sponsored actors. Financial service providers are a hacker’s favourite, given the nature of the private information held by those organisations.

Further cyber trends highlighted in the report include:

  • The vast majority of SMEs confirmed that they were increasingly worried, with 81% more fearful of a cyber-attack or data breach
  • 81% of UK SMEs confirmed that they had suffered a data breach or cyber attack
  • 17% of IT decision-makers surveyed have no cyber strategy in place
  • 76% agree that they are nervous about moving from an on-premise IT infrastructure to a cloud infrastructure due to fears of data security
  • 98% of IT decision-makers in SMEs educate employees about how to identify a cyber threat, with the most popular approach being a combination of external and internal training (32%)
  • SMEs in the financial sector were more likely to suffer three or four breaches than any other sector at 50%, while healthcare and IT & Telecoms sectors were most likely to suffer two breaches at 75%.

Colin Dennis, Head of Technical Operations, OGL Computer, commented: “Cyber security has been front of mind for SME customers for some time now, as awareness of cyber risks continues to rise. Proactive management of IT requirements is in many ways connected to this trend, as businesses of all sizes look to compliance requirements as well as asset protection and disaster recovery.”

Download the full report at www.ogl.co.uk/SOTreport2020.    

Register today for IFSEC 2023

16-18 May 2023, ExCeL London | IFSEC 2023: Recognising the past, embracing the future

Join thousands of likeminded security and risk professionals at IFSEC 2023 in May, as the UK's largest and longest running security event looks ahead to what's next in the sector as it celebrates its 50th birthday. This year will see the launch of the IFSEC distributor network, while London's new Elizabeth Line makes travel to the venue easier than ever!

You’ll find hundreds of leading exhibitors from the physical and integrated security sector, showcasing all the latest in video surveillance, access control, intruder detection, perimeter protection and software solutions. Join the community and secure your ticket today!


Related Topics

Notify of
Newest Most Voted
Inline Feedbacks
View all comments

[…] The UK’s financial services industry presents a valuable target, sitting as it does in the top five of industries most vulnerable to cyber […]


[…] this momentous year, the organizations most vulnerable to cyber attacks included those in the healthcare, IT & telecommunications, legal, human […]