Health, education, retail, and manufacturing sectors continue to be particularly vulnerable to cyber attacks and data breaches, according to analysis of recently released 2021 ICO data by cyber security awareness and data analytics company, CybSafe. 

CybSafe analysed data from the Information Commissioner's Office (ICO) – the UK’s independent body upholding information rights – following its previous analysis of ICO data for the first half of 2021 to discover the details behind the UK’s cyber security breaches throughout the entire calendar year. 

While health and education remain particularly vulnerable to data breaches, the retail and manufacturing sector suffered twice as many cyber attacks as either sector, accounting for 20 percent of attacks overall in H2 of 2021. 

Statistics within the retail and manufacturing industry also highlight a more general trend. The sector saw an increase in ransomware attacks, accounting for 27 percent of all attacks in 2021, up from 23 percent in 2020. In contrast, phishing attacks declined, falling from 31 percent in 2020 to 26 percent in 2021. This marks the first-time ransomware attacks have superseded phishing within the sector. Throughout 2021, ransomware saw a notable rise, accounting for 30 percent of attacks between July and December, up from 24 percent between January and June.

While the ICO data highlights phishing as the most common form of attack at just under 30 percent, ransomware continues to be an increasing threat to every sector. 

As sectors adapt to life post-pandemic, the education sector is a prime example of how the cyber security landscape has changed for good. ICO 2021 data shows ransomware attacks increased to 22 percent (up from 19 percent), suggesting the trend is not subsiding despite children returning to the classroom. The sector saw a steep rise in ransomware attacks mid-way through 2020. They accounted for 26 percent of attacks in the first half of 2021 compared to just 11 percent in the previous year.

Oz Alashe, CEO of CybSafe, said: “The ICO data tells a clear story. The pandemic saw a steep rise in ransomware attacks. With important sectors such as education and healthcare seeing a sustained level of cyber threats throughout the last year, we need to go beyond standard security training practices."

“To embody a security-first culture, the human aspect of cyber security shouldn't be underestimated. If we want to invoke genuine behaviour change, the first step is to appreciate individuals responding differently to threats, and personalisation is crucial to building an authentic security-first culture.  "

“Appreciating differences in teams means you can deliver tailored security initiatives. The result is greater employee confidence, changes in security behaviour, and ultimately a defence against such malicious threats that will only grow in importance over the coming years,” Alashe concluded. "