Hackers target companies in the retail and technology sectors the most, especially small or medium firms based in the US.
These are the main findings from new research conducted by the company behind TechRadar's best VPN provider, NordVPN. The team at NordStellar (the provider's threat exposure management platform) and NordPass (its password manager service) have investigated almost 2,000 data breach incidents worldwide over the past two years to understand how cybercriminals choose their victims.
"While small retail companies are highly attractive, other profiles are no less appealing for hackers," said Karolis Arbaciauskas, Head of Business Development at NordPass. "This analysis helped us illustrate which businesses face higher risks and explain what measures can be taken to avoid them."
Which businesses are hackers' favorite targets?
As mentioned earlier, Nord's research found that retail and technology have been the most-targeted sectors over the past two years, suffering a total of 95 and 56 attacks respectively.
Companies providing business services follow suit, with 51 data breach incidents counted during the research period – August 31, 2022, and September 1, 2024.
The top 10 hackers' most-wanted sectors also include more specific technology-related businesses, such as internet and web services (36 attacks), IT services and consulting (35), software development (26), and computer hardware development (22). Entertainment, education, and finance were also on the list, counting 34, 28, and 27 incidents respectively.
These results were surprising, Arbaciauskas explained, considering that the tech and IT sectors are notoriously less vulnerable and better equipped against online threats. Yet hackers know that even if companies employ high-end IT solutions, human mistakes can still occur.
Besides specific sectors, researchers were keen to find out where highly targeted companies are based.
It doesn't come as a surprise that US companies are the ones getting the most attention from hackers, amounting to almost a quarter of the businesses appearing in the research (489). India (114) and the United Kingdom (73) also made it to the top three, followed by some European countries – Spain and France.
Most remarkably, perhaps, Nord's findings show how cybercriminals prefer attacking small and medium businesses. The majority of the breached companies figured in the research (72%), in fact, had up to 200 employees.
According to Arbaciauskas, this may be because these firms underestimate their value to hackers. "There are targeted attacks, yes, but hackers often go for much broader scope activities, such as credential stuffing, dictionary or rainbow attacks that do not choose their victims," he said, adding that for smaller companies a data breach could even mean the end of their businesses.
Private companies are also the biggest target, accounting for 85% of affected businesses.
How to protect your business from data breaches
As these findings clearly highlight, private and smaller business realities are the ones most at risk of suffering a cyberattack. This is a stark reminder that every type of company – no matter its size – should have a strong cybersecurity strategy in place.
According to Arbaciauskas, it's vital to employ critical security tools across all areas of the business. A reliable password manager solution allows for secure management of company credentials and accesses, for example.
Even if companies are employing high-end IT solutions, human mistakes can still occur
A secure business VPN tool is then the first step towards better resilience against online threats. That's because a virtual private network (VPN) encrypts your employees' internet connections, preventing third-party access to the data leaving their work devices.
He also suggests carrying on regular cybersecurity audits to help you spot weaknesses in the company's IT infrastructure and prepare resilience strategies. Similarly, companies should also invest in cybersecurity training to raise awareness and knowledge among employees to reduce human mistakes – often the main backdoor into serious data breaches.
