From financial services to healthcare: Top sectors that faced highest cybersecurity threats in 2024

The financial services sector, including banking, insurance, and digital finance, and the healthcare sector, including pharmaceuticals and life sciences, were the top sectors that faced the maximum number of data breaches and cybersecurity risks in 2024.

“Energy, power & utility organisations are driving significant economic value in the country and are also becoming prime targets for cyber-attacks in the last 2-3 years,” Sundareshwar K, partner - cybersecurity, PwC told Fortune India.

Sundareshwar reveals that healthcare organisations were impacted the most post-pandemic, with the average cost of a cyber-attack in the sector reaching $5.3 million (₹45.20 crore), 25% higher than the global average of $4.4 million (₹37.52 crore). Notably, 27% of pharmaceutical and life sciences organisations reported data breaches that cost between $1 million and $9.9 million, while 4% faced breaches with costs of $20 million or more.

In comparison, 17% of financial services reported breach costs between $1 million and $9.9 million. Over 16% of the organisations in the financial sector in India reported no data breaches in the last three years, which is 2% higher than the global average.

Similarly, in energy, utility, and manufacturing services, 11% reported breach costs of $10 million and above, which is significantly higher than the global average of 7%.

Sundareshwar also revealed that various regulations across different sectors provide guard rails for organizations.

“…74% of the organizations have reported that regulations have helped strengthen their Cyber posture and have a positive influence on organization growth,” he said.

As a result, more organisations continue to quantify cyber risks to reiterate that a cyber program is important for continued investments and protecting their brand value.

Further, as technology evolves, the extent of cyber risks has only gone up given in the last year organizations have observed an expansion to the attack surface primarily driven by cloud technologies, usage of SaaS and Gen AI. Over 41% organisations in the energy sector are concerned about cloud-related threats in the coming year, making it the leading threat vector for 2025.

“These technologies have lowered the entry barrier for less experienced actors to be able to conduct large-scale phishing attacks and create deepfakes. Also, with the proliferation of 5G, connected devices in various sectors are becoming prominent and that is increasing the complexity of cyber-attacks,” Sundareshwar added.

This creates an urgent need for organisations to divert a significant share of their resources to curb the threat of cyber risks.

“Data Security is emerging as the investment priority across sectors with 48% in the Energy and Utilities sector, 46% in Financial Services and 49% in Healthcare; the global average is 48% across sectors,” Sundareshwar said.

“With the new DPDP law in place, organisations are looking for end-to-end data lifecycle management where they can focus on securing data across the value chain of their enterprise, including sharing with third parties,” he added.