Which US States Are Most At Risk From Cyber Attacks? 

Uploaded on 2024-09-12 in TECHNOLOGY--Resilience, GOVERNMENT-Local, FREE TO VIEW

Global cyber crime costs are projected to soar from $9.22 trillion in 2024 to $13.82 trillion by 2028. In the United States alone, these costs are forecasted to exceed $452 billion in 2024. 

Alarmingly, in 2023, three in four companies in the United States were at risk of a material cyber attack.

With this in mind, cyber security and compliance company  Kiteworks has sought to identify the US states where businesses are most at risk of cyber attacks. 

To do so, the company created a points-based index which analysed a variety of factors such as annual victim counts, financial losses from cyber attacks, increases in both victims and losses, and the types of cyber attacks experienced.

Key findings for Most at Risk Top 4 States:

  • Colorado is the state where businesses are most at risk of cyber attacks, with a risk score of 7.96. Colorado has seen a 58.7% increase in victim losses since 2017.
  • With the highest population of 38 million, California’s annual cyber attack losses amount to over $656 million (656,847,391).
  • The state of Missouri has the biggest four-year moving increase in financial losses attributed to cyber attacks, with a 136% increase since 2017.
  • Virginia is the only state to see a decrease in cyberattack victims since 2017, with a decrease of 10.8%.

source: Kiteworks

Colorado is the state where businesses are most at risk of cyber attacks, with a risk score of 7.96 out of 10. Despite its mid-sized population of 5,877,610, Colorado experienced the highest rate of cyber attacks since 2017 and has reported 10,776 annual victims from 2020. 

Despite only seeing a moving increase of 3.8% in victims since 2017, the state has faced significant financial losses due to cyberattacks, with a 58.7% increase in losses since 2017, amounting to $104,476,603. 
This is 65% higher than in the neighbouring state of Utah ($53,047,234). 

This could be due to Colorado’s ageing population, as reports show people over the age of 75 are most likely to report repeat cybercrime victimisation.

New York is in second place, with a risk score of 7.84 out of 10. As the fourth most populous state with 19,571,216 residents, New York reported 27,205 annual victims between 2020-2023. By contrast, Massachusetts reported one third the number of victims (8,749) over the same period as New York. New York has seen a 14.4% increase in victims over four years, with reports showing cyberattack complaints up 53% since 2022. 

The financial losses from cyberattacks in New York state have also surged by 75.7%, totalling a staggering $440,673,485 lost. 

Nevada ranks third with a risk score of 7.62 out of 10, reflecting the state's growing vulnerability to cyber attacks. With a population of 3,194,176, Nevada reported 10,551 annual victims from 2020 to 2023.  The state has experienced a significant 27.6% increase in victim counts over four years, indicating a rapid rise in cybercrime incidents. Just earlier this year, the state's Gaming Control Board’s website was hit with a cyberattack, resulting in the site being offline for several days. 

The financial losses from cyber attacks have risen in Nevada by 25.2% since 2017, totaling to $44,994,168, 72% more than the neighbouring state of Idaho ($12,427,049).

The Most Common Cyber Attacks

Business Email Compromise:  (BEC) is the cyber attack in the United States with the highest financial impact, with losses exceeding $1 billion ($1,747,924,931) since 2020 and an average loss of $88,350 per incident. 
BEC attacks involve fraudsters impersonating business executives or employees to deceive victims into transferring funds or revealing sensitive information. 

Credit Card & Cheque Fraud: Ranking second, causing $516,046,155 in total losses and an average loss of $27,039 per incident. This fraud typically involves unauthorised use of payment information. 
Malware Attacks, in third place, have resulted in losses of $237,469,021 with an average loss of $83,235 per incident.

Non-payment/Non-delivery attacks:  Are amongst the most common US online threat since 2020 with 60,113 incidents, which involve victims being deceived and into paying for undelivered goods or services. 

Personal data breaches: Another very common form of attack, with 40,523 incidents, which can involve unauthorised access to sensitive information often leading to identity theft and fraud.

Kiteworks' VP of Marleting & Reserach, Patrick Spencer, commented “Our study reveals a concerning trend: cyberattacks are on the rise, both in frequency and financial impact. As cyber threats continue to evolve, proactive investment in advanced security technologies and employee training can significantly enhance a company's resilience against cybercrime, as well as a greater focus on data security."

“Businesses should adopt a content-defined zero trust approach to secure their sensitive communications... By consolidating email, file sharing, SFTP, managed file transfer, and web forms into a private content network protected by a hardened virtual appliance, organisations can ensure that sensitive content is only accessed by authorised users... 

This approach provides advanced security, comprehensive governance, and regulatory compliance, ensuring the protection of sensitive content.” Spencer advises.

Image: Ideogram

You Might Also Read: 

High Stakes: Business Email Compromise:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Attack On Transport For London Exposed Passenger Bank Details
Combating Cyber Attacks With Threat Intelligence  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

APrivacy

APrivacy

APrivacy provides information and communication security products for the financial services industry.

Payatu

Payatu

Payatu Technologies is a security testing and services company specialized in Software, Application and Infrastructure security assessments and deep technical security training.

Dreamlab Technologies

Dreamlab Technologies

Dreamlab specialises in securing critical IT infrastructures. We offer qualitative support and advice for managing your infrastructure and cyber security needs.

Corvus Insurance

Corvus Insurance

Corvus' mission is to create a safer, more productive world through technology-enabled commercial insurance.

Root9B (R9B)

Root9B (R9B)

R9B offers advanced cybersecurity products, services, and training to enhance the way organizations protect their networks.

VIQU Recruitment

VIQU Recruitment

VIQU Recruitment was formed with the primary focus of providing 'Smarter People Solutions' to the UK’s professional IT & Cyber Security markets.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

Document Security Systems (DSS)

Document Security Systems (DSS)

DSS anti-counterfeit, authentication, and brand protection solutions are deployed to prevent attacks which threaten products, digital presence, financial instruments, and identification.

Force Majeure

Force Majeure

Force Majeure specializes in cybersecurity, incident response, and digital forensics, with experience spanning more than a decade.

SecureTech360

SecureTech360

SecureTech360 is a cybersecurity and IT consulting firm whose principals have extensive experience in Cybersecurity and Information Technology.

Infinidat

Infinidat

Infinidat delivers enterprise-proven solutions for data storage, data protection, business continuity, and sovereign cloud storage.

Opticks Security

Opticks Security

Opticks provides fraud detection and monitoring solutions for leading brands. agencies and networks. Our relentless mission is to deliver reliable and innovative software to beat digital fraud.

Digitale Gründerinitiative Oberpfalz (DGO)

Digitale Gründerinitiative Oberpfalz (DGO)

Digital Founder Initiative Oberpfalz's goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services is a premier Managed Internet Technology (I.T.) company with a focus in cybersecurity risk management and CMMC compliance management.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

Brightsolid

Brightsolid

Brightsolid are experts in Hybrid Cloud. We design, build and manage secure, scalable cloud environments that meet customers’ business ambitions.

Socket

Socket

Socket protects software applications and critical services from malware and security threats originating in open source code.