Cybersecurity in the Windy City: How Chicago CISOs Can Get Ahead in 2026

Hwei Oh
03/23/2026

Cyber threats aren’t abstract headlines — they’re a significant part of the risk landscape for Chicago businesses. As the third largest city in the U.S., Chicago is a major hub for finance, education, healthcare, logistics, and manufacturing. Unfortunately, this list aligns with the industries that bad actors most frequently target.

According to the Identity Theft Resource Center’s 2025 report, the most targeted industries include financial services, healthcare, and professional services, followed by manufacturing and education. Mid-market companies within these industries are particularly at risk if they lack the sophisticated security programs of Fortune 100 firms.

Due to its urban environment, interconnected supply chains, and significant work-from-home population, Chicago is also seeing a rise in the volume of data breaches, with several notable attacks occurring in the last few years. According to data from the FBI’s Internet Crime Complaint Center, 96 Illinois companies reported being the victim of data breaches in 2022, up from 41 reported breaches in 2021.

With the increase in cyber incidents as well as updated regulations from CISA, NYDFS, and the EU’s NIS, executives and boards are looking at poor security programs as an organizational risk and have amped up the pressure on CISOs.

So what should Chicago CISOs be thinking about in 2026? Here, we’ll look at recent attacks in Chicago, the biggest risks that exist in the market, why these risks matter, and practical steps to up your security posture in 2026.

Notable Cyberattacks in Chicago

Last year, Chicago experienced several high-profile breaches across its biggest industries. Healthcare was hit especially hard, though education, manufacturing, and finance have all seen major disruptions to players big and small. While there are attempted breaches happening daily, and successful breaches happening nearly as often, these are some of the largest, most notable cyberattacks from the 2020s.

Chicago Public Schools

Last February, the Russian hacking group Cl0p stole the names, birth dates, genders, and student identification numbers of more than 700,000 current and former Chicago Public Schools students. The attackers were able to access and extract the information by exploiting a weakness in a technology vendor’s software.

Wilmette School District 39

Similarly, an attack on PowerSchool, a cloud-based student information system used by Wilmette Public School District 39, compromised data for roughly 16,000 students and 3,000 staff. The same breach exposed student data at another Chicago-area district, Mundelein High School District 120.

University of Chicago Medical Center

In May of 2025, University of Chicago Medicine announced that a data breach of one of its medical groups may have exposed the personal information of nearly 40,000 patients. The data gathered, which includes patients’ first and last names, addresses, birth dates, Social Security numbers, plus financial and medical information, was accessed via a security breach at a third-party vendor. This hospital attack closely follows a 2024 attack that shut down the phone, email, and medical records systems at Lurie Children’s for several days and shares the stage with other 2025 attacks on Chicago’s Loretto Hospital and St. Anthony Hospital.

CNA Financial

One of the largest insurance companies in the U.S., CNA Financial, paid a $40 million ransom — the largest ever reported — in 2021 after an attack group called Phoenix broke in using stolen credentials, swiped company data, and shut down systems.

Molson Coors

Molson Coors, the Chicago-based brewer behind the Miller and Coors brands, experienced a cyber incident in 2021 that took systems offline and disrupted operations, including production and shipping. While details weren’t made public, it was suspected to be a ransomware attack that took the company offline for almost a week.

These are just a few examples of Chicago-area breaches that have caused significant disruptions in recent years. These cyberattacks aren’t isolated incidents; they represent an ongoing threat to Chicago businesses, especially those without robust security programs or the funds to pay out multi-million-dollar ransoms. 

Takeaways from Chicago Data Breaches

So what do these attacks mean for Chicago businesses? For starters, cyberattacks need to be treated as a core business risk. The threat is persistent, and the reputational, operational, and financial ramifications can be significant for businesses of all sizes. Companies can’t treat cyberattacks as the responsibility of IT and security teams; security should be owned at the top, and security best practices should be woven into all business operations.

As for attack vectors, ransomware continues to be an effective tool for bad actors, and double (and even triple) extortion is becoming an increasingly popular way for hackers to launch more profitable attacks. As regulations continue to become more stringent and affect more industries, double extortion attacks will likely increase.

Given the high-value data, strict regulations, and limited SOC maturity, education and healthcare will continue to be enticing targets, especially in large cities like Chicago. An attack on a school district or large hospital like the U of C or Lurie’s could easily impact hundreds of thousands of people, which means a big payout for attackers.

Finally, the increase in supply chain attacks means every business is susceptible to an attack. Even the largest companies with robust security programs can fall if the appropriate visibility tools and access policies aren’t in place when a bad actor exploits a vulnerability in a third-party vendor, supplier, or software provider’s systems. The same is true of small and mid-sized players working with Fortune 500 vendors that might be attractive targets for bad actors. At the end of the day, your security posture is only as good as the weakest link in your supply chain.

Challenges Specific to Chicago CISOs

In a rapidly evolving threat landscape, security professionals and CISOs face several significant challenges, including budgetary and resource constraints, a lack of executive buy-in, legacy systems incompatible with modern security software, and employee vulnerability. This is on top of the pressure to keep up with increasingly sophisticated attack vectors and AI-powered attacks.

Beyond the common barriers to cyber resiliency, Chicago CISOs face region-specific issues, including:

A complex urban ecosystem

As the third largest city in the U.S., Chicago’s vast, interconnected digitized infrastructure significantly increases the city’s attack surface. The smart devices used to control power, water, transportation, and emergency response systems expand the attack surface even further, providing additional endpoints for bad actors to exploit.

The vast amounts of citizen data housed by government agencies and the significant amounts of data stored by the 35 Fortune 500 companies headquartered in Chicago also draw the attention of cybercriminal groups.

Given the constant threat of supply chain attacks, even small and mid-sized businesses are more frequently targeted in Chicago, due to their proximity to Chicago’s government agencies or major corporations.

Regulatory pressures

In addition to national and global regulations, Chicago businesses must comply with the Illinois Personal Information Protection Act (PIPA), which calls for businesses to implement “reasonable” security measures and report suspected data breaches to individuals affected and the Attorney General within 45 days of the event.

Illinois businesses that collect, use, and store biometric data such as fingerprints, eye scans, and facial geometry must also comply with the Biometric Information Privacy Act (BIPA), which lays out incredibly strict requirements for obtaining consent to collect this information, and for storing it and destroying it once it is no longer in use.

Because fines can be significant, boards and executives are pressuring CISOs to ensure compliance with these and other government regulations.

Hybrid work environments 

Like many other major metropolises, Chicago continues to see high rates of remote and hybrid work. Roughly 15.5% of all Chicago-area workers are remote, with 30.6% of Chicago-area Professional and Business Services professionals working remotely as well. That trend is predicted to continue, as Robert Half found 29% of jobs posted in Q4 of 2025 are hybrid.

While popular among employees, hybrid and remote work environments pose significant challenges for security teams. With personal devices connecting to company systems over unsecured networks, IT teams start losing visibility into and control over their attack surface, making it harder to protect.

Security talent shortage

For many years, the entire security industry has faced significant talent shortages. Even large companies in major markets are having trouble finding experienced talent with the right skills and qualifications to fill out overworked teams. Employees are burned out and unable to keep up with the evolving threats, intense pressure, and 24/7 demands of the job. This strain has been exacerbated for Chicago companies since the pandemic, as West Coast organizations pull remote talent from the Midwest. Mid-sized Chicago companies are having even more trouble finding talent because they can’t keep up with the competitive offers of the larger organizations in the city. 

Despite the many challenges Chicago CISOs face on a daily basis, there are ways to keep threats at bay and ramp up their security posture now.  

Actions Chicago CISOs Can Take in 2026

An effective security program isn’t built in a day, but there are a few actions a Chicago CISO can take right now to stand up a security program fast and protect against the most common and pressing threats. To erect a modern security program, Chicago CISOs should:

  • Re-evaluate vendor access and control policies to ensure access is limited to only the systems and data vendors need to perform their functions.
  • Implement proactive SOC monitoring, including SIEM and EDR software, and establish protocols for regularly patching software and correcting misconfigurations.
  • Create an Incident Response Plan, then test its effectiveness through tabletop exercises.
  • Establish identity and role-based access controls and introduce the principle of least privilege to your organization.
  • Invest in tools that continuously monitor and analyze user behavior to catch silent intrusions.

Once these elements are in place, Chicago CISOs can continue to build up and monitor their defenses to ensure they are protected against modern threats — both national and regional.

While Chicago CISOs face the same sophisticated attacks businesses are confronting worldwide, Chicago organizations, and specifically mid-sized companies in the finance, healthcare, manufacturing, professional services, and education sectors, need to think about regional threats, supply chain attacks, and double extortion attacks via ransomware to be truly protected. Security strategies should be tailored to these threats and comprehensive in their attempt to stop them.

Are you ready to take action? Reach out to the security experts at SolCyber to talk about the risks facing your business and assess your cyber readiness to defend against them.

Photo by Pedro Lastra on Unsplash
