With cyber-attacks becoming increasingly sophisticated, companies should study trends not just across markets in general but also within their specific industry sector for the latest insight into where they may have unmitigated risks.
The latest installment of Verizon’s annual data breach investigations report suggests the risks differ not just by size of company or geographic location, but also by the nature of the business and even the nature of its business partners. Educational institutions are emerging as an increasingly popular target for hackers, for example, perhaps because they partner often with government and industry on research that could contain sensitive secrets, says Dave Hylender, a senior risk analyst at Verizon Business who helped author the report. The report offers “hot spots,” or common risks, for companies in financial services, health care, manufacturing, and other sectors.
The Verizon report is an assembly of data from 65 contributing organizations that have chronicled more than 42,000 incidents and more than 1,900 breaches across 84 countries. It is intended to give organizations insights into where and how cyber-espionage is trending, enabling organizations to shore up their security measures accordingly.
The 2017 installment says cyber-espionage is now the most common type of attack in manufacturing, the public sector, and education, where spies presumably are looking for proprietary research, prototypes, and confidential personal information. Many of those campaigns begin as “phishing” expeditions, says Hylender, where people inside organizations fall for increasingly targeted and credible e-mail requests that lead to information leaks. “In the last several years, we’ve seen a steady increase in espionage attacks with a social component,” he says. “It seems to be a trend, and a growing one at that.”
Despite years of exhortations for individuals to take password security seriously, passwords remain a common vulnerability, says Hylender. More than 80 percent of breaches in the latest analysis began with stolen, weak, or default passwords, he says.
The analysis also shows skimming, or the practice of stealing card data with add-on devices where consumers swipe their cards, is shifting. Skimming at ATMs, for example, declined 25 percent in one year, but skimming at gas pumps tripled. “Is it related to chip adoption in the United States?” Hylender asks. “It could be,” but the report doesn’t provide a specific reason.