Cybersecurity: the motivation behind cyber-hacks [Infographic]

Published July 30, 2019   |   

Cyber-attacks are becoming more sophisticated all the time, with cyber hackers coming up with new and determined methods of threat that are increasingly difficult to detect, making attacks more dangerous than ever before.

Statistics show that cybercrime is on the rise around the world. It’s estimated that by 2021 the annual cost of damages from cybercrime will cost the world $6 trillion. That’s a significant jump from $3 trillion in 2015, with cyber-attacks now one of the most serious threats to any business.

No matter the size of your organization, whether you’re a start-up business or have scaled to a million-dollar company, you need to be aware of the risk of a cyber-attack.

What’s the motivation behind all this cybercrime? The results of studies done on cyberhacking show that the motivation behind 90% of attacks is about financial gain and espionage. Here’s a closer look at the most-breached industries, who is doing the hacking, and what type of data is being hacked.

The most breached industries

All businesses are at risk for a cyber-attack, but there are some industries that are more at risk than others for hacking. What makes these industries more vulnerable is the type of data that’s at risk of being stolen, including financial, health, and personal information.


24% of all breaches occur in the healthcare industry, 79% of which is medical and personal data such as social security numbers, name and home addresses, information about income, and contact information. Stolen medical information can be used by hackers to gain unauthorized entry to some medical programs or to obtain prescription drugs for personal use or to sell for profit.

56% of the threat is internal, coming from within healthcare organizations, with another 34% being human error as employees leak information to other organizations without being aware of the infraction.

Food Services and Accommodation

Cyber-attacks in the food services and accommodation industries make up 15% of all breaches. These businesses are at high risk because they consistently collect information from their customers such as credit card numbers, name and address, and contact information. This stolen data can be used for identity theft and to gain access to financial accounts.

99% of the threat is external, with payment information accounting for 93% of the stolen data. Of equal concern is that in the food and accommodation industries, 96% of breaches aren’t discovered for a few months, at which time hackers have already used the information they stole.

Public administration

Close behind food and accommodation is public administration at 14% of industry breaches. With personal information amounting to 41% of the compromised data. Government data is at high risk for breaches due to a lack of cybersecurity funding, with 57% of government agencies hacked in 2018.

Both personal information and confidential government records are highly sought-after by cybercriminals at they can sell this data to foreign entities. Hackers who want to make a political statement are also a threat to public sector information.


The retail industry has always been vulnerable to cyber-attack, with at least 50% of retail businesses experiencing a security breach in 2018. 73% of the data compromised is payment information, with 93% of this data obtained as an external threat.

The payment information stolen by cyberhackers includes both financial and personal data. This can be used to make unauthorized purchases using credit card information as well as for identity theft.


Making up 7% of breached industries is the financial sector, where 36% of the data stolen is made up of personal and contact information as well as banking and credit card information.

79% of the threat is external, however, this threat doesn’t just compromise individuals, it also costs banking and financial institutions millions of dollars. The average cost per data breach was $7 million in 2017, compared to a lower liability cost for retail businesses.

Professional Services

Professional services, such as accountants and lawyers, are also at risk for cyber-attack, making up 8% of industry security breaches. 56% of this stolen data is the personal information that these services collect from their clients. This can include banking information, healthcare records, and personal contact and family data.

Who is hacking?

Threats to data can come from both internal and external sources. Internal hacking comes from within the organization, such as from employee error or a disgruntled employee. External threats are a malicious attack that comes from outside the organization. These external threats are often done by threat actors. Who attempt to impersonate the organization and lure unsuspecting targets into willingly providing them with personal information.

System administration (internal)

26% of internal hackers are based on system administration. These hackers have access to sensitive data and information and typically work in healthcare, financial, and public sector organizations.

System admin hackers will take advantage of the data they have access to, using it for their own monetary gain and sometimes to provide stolen confidential information to an external source.

End-user (internal)

22% of internal hackers are end-users. These are employees who click on an email link or attachment or who download software that contains malicious malware.

Malware is malicious software that’s made up of code developed by cyberhackers to cause damage or get unauthorized access into computing devices. Usually embedded in a website link or over email, hackers are just waiting for end-users to click on the link or open the email file in order to execute the malware.

Other (internal)

Internal hackers are also made up of about 22% “other” hackers. These fall into various categories. Such as those who want to break into computer systems just to prove they can or hackers who break into computer networks for a political or social cause.

Organized crime (external)

Organized crime makes up 62% of external hacking. The top threat from organized crime is ransomware, where cybercriminals exploit businesses and organizations by using malicious software to block access to computing networks until payment is made.

Other hacking threats include DDos (Distributed Denial of Service) and social engineering. Including phishing to hijack accounts and gain access to personal information.

Unaffiliated (external)

20% of external cyber-attacks come from unaffiliated hackers who are not part of organized crime or state-affiliated hacking. These hackers use sophisticated methods to steal information and make money.

Unaffiliated hackers are difficult to detect. They continue to come up with new malicious software to gain access to computing systems undetected as they bypass cybersecurity.

State-affiliated (external)

13% of cyber-attacks are done by state-affiliated hackers. These cybercriminals usually have a political or social motivation for hacking into computer networks. Often attempting to compromise the usage and accessibility of network traffic.

What data is hacked?

The data being hacked from businesses and organizations is specific and of value to cybercriminals. Hackers look for this data so they can make money, steal personal identities, and for blackmail. Still, other information is sold to external parties for malicious intent.

Most hacked assets

Hacking assets can be taken from information that can be directly stolen from computing devices and networks. This information can be directly used by hackers and includes both personal and financial information. The top data assets involved in security breaches include:

  • Databases: Network databases are involved in 18% of security breaches. One reason for this is that businesses typically use a database to store all their company and customer information. The infrastructure security of databases is constantly at risk. Making them vulnerable to the sophisticated software that hackers are continually creating.
  • POS terminals: Making up 16% of breaches, POS terminals are at risk. Especially from malware that can easily be installed, accessing the system and stealing data such as credit card information.
  • POS controllers: Another 16% security risk is POS controllers which are just as vulnerable to cyberhacking and malware attacks. The POS system is linked to business and customer information and the business payment process.

Most hacked data type

The most common types of data targeted by cybercriminals include personal, payment information, and medical records.

  • Personal: 36% of compromised data is personal information. Including name and address, social security number, and contact information such as email and phone. This data is often used in identity theft and can be used to apply for loans and open new credit cards.
  • Payment: Payment information compromises 27% of the data stolen in cyber-attacks and can include credit card numbers and other financial information. Once hackers have credit card information, they can make immediate online purchases.
  • Medical: Personal medical information can be used by hackers to buy medications or receive medical treatment. Medical data makes up 25% of security breaches.

Hackers are continually finding new ways to steal your data. Is your business at risk? It’s important that you know what types of businesses are most vulnerable and why. No matter how large or small your company, hackers are looking for a sensitive date to use to their advantage. By understanding the motivation of these cybercriminals, you can stay ahead by using preventive measures to keep your business data secure.

Learn more about how to protect your business and customers or clients by reading the full Hacker Motives: Red Flags and Prevention infographic by Varonis. You’ll find out what motivates hackers and what you can do to keep your confidential information safe.

varonis hacker motives red flags and prevention ig