This guide will provide an overview of the most common phishing attack targets by industry and the most common types of attacks that target each industry. By understanding what influences these trends, you can better ensure the cyber security of your business.

Most targeted industries for phishing in 2021

While the finance and tech sectors remain constant favourite targets for cyber attacks, the broad net cast by email-based phishing scams and evolving ransomware tactics mean that cyber criminals are targeting less resilient, more lucrative industries. Here are the top three at-risk industries with 250-999 employees.


Construction topped the list for most likely to be targeted by phishing attacks. Construction is also an industry that, due to factors including awareness and reporting rate, is very susceptible to phishing attacks. It ranks 8th in terms of vulnerability.

Healthcare & Pharmaceuticals

Patient health information is a target of cyber attacks because it contains valuable data including full name, address, health and insurance information, and financial information. At an average of $7.13 million per breach, Healthcare cyber security breaches cost the most of any industry and 89% of healthcare organizations experienced a data breach in the past two years. Around 3.70 million patient records were breached per month last year, according to the HIPAA Journal.

Business Services

Business services rounds out the top three most at-risk industries for mid-sized companies. It was a new entry in the list for this year, and it’s worth noting that in addition to a higher susceptibility rate, the reporting rate of successful breaches is also comparatively low meaning any successful attacks can spiral.

Top cyber security statistics in 2021

Let’s take a look at some key stats in the cyber security landscape in 2021. Instances of cyber crime are on an overwhelming rise, increasing as much as 600% since the pandemic began, with estimates placing the global cost of cyber crime at more than $6 trillion.

What does being on the receiving end of a successful cyber attack mean? 60% of companies lost data. More than half had accounts compromised, and just under half were infected with ransomware. Nearly 1 in 5 reported financial losses. More than 40% of cyber attacks target small businesses, and almost all cyber security attacks target human error over system breaches.

Cyber crime as a result of COVID-19

While the frequency and severity of cyber crime has been on the rise, it’s also important to look at these trends through the lens of COVID-19. Cyber security trends in 2021 have been hugely affected by the transformed work environments brought on by the pandemic. Remote work has increased the average cost of a data breach by $137,000, according to IBM. The global pandemic has seen increased cyber security risk from remote working, an influx of cyber criminals posing as health and government officials, and new targets in the form of burgeoning platforms like Zoom.

Malware and malicious software

Somewhere north of 90% of malware is delivered via email, but creation of mobile device malware is on the rise. Over 268,000 new malware variants were detected last year, but while still numbering in the hundreds of millions, overall the numbers of malware attacks declined 43% last year.

Ransomware statistics

A new organization will fall victim to a ransomware attack every 11 seconds by 2021. Ransomware attacks are estimated to cost $20 billion in damages annually by the end of 2021, making it the highest cost cyber security threat in 2021. Ransomware is an incredibly lucrative practice for cyber criminals, and the average asking price for ransoms has more than doubled since 2019. Over half of ransoms are now paid in cryptocurrency. Which brings us to… 

Cryptocurrency and cryptojacking

Cryptojacking is back on the rise as cryptocurrencies, like Bitcoin, begin to rebound in value. Around a quarter of businesses have been affected, and the number of attacks rose by 28% in 2020 to over 80 million instances. The frequency of cryptojacking correlates directly to the value of cryptocurrency, showing just how much cyber criminals will follow distinct market trends.

Phishing statistics

Through 2020, there was an enormous upswing in phishing attacks. 75% of companies around the world experienced at least one attempted phishing attack. It remains the most likely cause of a data breach, and studies show that one out of three employees is likely to click on a suspicious link or email or comply with a fraudulent request without cyber security training.

How frequently do phishing attacks happen in 2021?

Phishing scams are by far the most common form of attack, more than doubling in frequency between 2019 and 2020. The FBI reported nearly a quarter of a million recorded phishing attempts last year with the total number set to grow in 2021.

According to Verizon’s 2021 Data Breach Investigations Report (DBIR), phishing led to more breaches than any other type of cyber attack in 2020. 74% of organizations in the US were subject to a successful phishing attack -- 30% higher than the global average, and 14% than the previous year.

How are phishing attacks delivered?

  • 96% of phishing attacks are through email: The vast majority of phishing attack targets are delivered via email, including both malicious links and attachments. 
  • 3% of phishing attacks are through malicious websites: With safeguards like Google Safe Browsing in place, fewer and fewer phishing attacks are accomplished through insecure websites.
  • 1% of phishing attacks happen over the phone: Bringing up the rear, just 1% of phishing attacks happened over the phone, either via voice call or SMS. It’s worth noting that malware being developed for mobile devices is on the rise, and you’re more at risk on Android devices than on iPhones.


Phishing attack stats, like many other types of cyber crime, have boomed in 2021. Working outside the most commonly targeted industries doesn’t spell immunity for your business either. Widespread uncertainty and exceptional times mean that socially engineered attacks are always a risk. Common phishing scam tactics attempt to circumvent traditional anti-virus and anti-malware tools, and the most effective cyber security strategies include a healthy dose of employee education and awareness.

If you’re concerned about phishing scams impacting your business, please don’t hesitate to contact us or request a demo from Phriendly Phishing.