Which Industries Are Most Vulnerable To Cybercrime In 2022?

As businesses look to recover from the worst of the pandemic in 2022, they need to be mindful of the things that can still trip them up. As a company recovers, the last thing it needs is to suffer a cyberattack, taking on a further financial blow and potentially losing its reputation. 

It’s clear that cybercrime is a growing problem. In 2020, more than $3.3 billion was lost to cyber fraud – a number that has nearly doubled since 2010. 

There can be no doubt that businesses of all sizes and across all industries need to take cybersecurity seriously in 2022. In this article, we take a look at the industries that look set to be the most vulnerable to cybercrime this year, and what organisations in those sectors need to do to keep themselves protected. 

Small and medium sized businesses

The first sector that we need to focus on is that of small and medium sized businesses. While this isn’t necessarily an ‘industry’ it does represent a category of company that is likely to be vulnerable to cybercrime in 2022. Part of the reason that small businesses could be at risk of cybercrime actually comes down to the cybersecurity skills shortage. 

Unfortunately, there is a worldwide shortage of talent in the cybersecurity sector. Statistics suggest that the number of professionals needed is still 65% below where it needs to be. You might think that this shortage hits all businesses equally, but the fact is that less talent in the industry raises the cost of hiring cybersecurity professionals. Larger businesses are more able to absorb these costs, but small companies cannot necessarily do so. 

The increasing sophistication of criminals and the more difficult access to cybersecurity skills means that SMEs are naturally more vulnerable to cybercrime in 2022. 

Higher education

We have seen growing levels of cybercrime against institutions of higher learning. One of the key issues here is that universities are valuable targets from the perspective of cybercriminals because they hold the data of significant numbers of students, staff and others who use the university.

A recent cyberattack against the University of Hertfordshire shows that even well-funded higher education providers can be vulnerable. The attack caused widespread outages of computer facilities and forced the university to cancel online lectures. This shows that attacks on universities and other higher education institutions can cause the double blow of potentially losing private data, but also disrupting learning. 

In 2022, universities will be more reliant on digital services than ever before, especially if the Covid-19 pandemic continues to cause disruption. This is a key reason why this industry remains extremely vulnerable to cybercrime. 


There have been a number of recent examples of the healthcare industry being targeted with ransomware. The UK’s NHS sadly made headlines for a number of attacks that took down systems, causing widespread difficulties. You might think that this was a wake up call for healthcare companies to refocus, but this does not necessarily seem to have been the case.

It has been noted that many healthcare providers still utilise outdated or legacy systems that mean they are significantly vulnerable to similar types of attacks occurring in future. These are organisations that hold a huge amount of private data and information. When healthcare providers suffer cyberattacks it can be devastating for them and their patients. 

Legal services

The legal industry is another sector that relies on keeping an excellent reputation. In the modern world, there are few things more damaging than suffering a data breach and losing the critical personal details of multiple clients. For many people, this would be enough for them to discontinue their working relationship with a legal services provider. 

It is also true that the legal industry can be vulnerable because it is perceived as a valuable target. It is important to consider what a cybercriminal looks for in terms of the companies that they focus on. The fact that legal services providers often handle transactions involving large sums of money, and they also hold the private information of clients, it can make them seem an ideal opportunity for criminals. 

Indeed, 43% of legal services providers considered cybercrime as a key business critical risk in a recent survey. 

Property and real estate

When one of the UK’s largest conveyancing specialists Premier Property Lawyers suffered a data breach in 2021, it served as a reminder of the ongoing ramifications of cybercrime. In the property and real estate sector we consider another industry that is commonly a part of very large financial transactions, but also holds a great deal of personal data.

Given that the UK’s housing market is booming, there are many real estate and property businesses popping up. These companies may or may not understand the need to put powerful cybersecurity measures in place in order to keep themselves secure. 

Financial services

The financial services sector is similar in some ways to the property industry in that many new businesses have sprung up to take advantage of growing interest. However, newer businesses are more likely to have potential vulnerabilities in their systems and this can make them a target for criminals. 

Once again, the fact that financial services companies deal with vast sums of money can make them a high value target. 

Key security measures in 2022

Thankfully there are many things that businesses in all industries can do to protect themselves against cybercrime in 2022. Some of the key things that your company can do include:

    • Providing comprehensive staff training – this is sometimes overlooked in terms of importance, but it is vital. Staff need to understand the risks and challenges, and also be aware of how they evolve over time. It is important to regularly update your cybersecurity training. 
  • Outsource where possible – we mentioned this issue regarding the cybersecurity skills shortage, and a good way to combat this is through outsourcing your cybersecurity services. Services providers are in a position to provide businesses with 24/7 monitoring without the need for hiring an expensive cybersecurity team. 
  • Update regularly – still one of the most common issues relating to cybercrime is when businesses do not update their hardware and software regularly. Updating and installing the newest versions helps to fix known flaws and vulnerabilities.