Cyber attack risks faced by businesses across states and reported data breaches are relative to the respective state governments’ cybersecurity investment, according to Network Assured.
Study methodology
Network Assured compared data from State Attorneys Generals and the Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) Office of Civil Rights’ (OCR), along with public reporting of state budgets for cybersecurity.
The study also compared data breach statistics with the number of registered business entities in each state to establish a “breaches per 1000 business entities” value that helped rank each state’s relative cybersecurity performance.
No state is safe from data breaches
While expectedly, California, with its high concentration of businesses in technology and healthcare recorded the highest number of data breaches at 1,338, the relatively small state of Maryland ranked 5th worst in the nation with 343 breaches.
Other study results indicated that:
- 3 of the worst 10 data breaches of 2022 were against companies in California. 2 of those 3 data breaches were against the same company: Twitter.
- Despite being the nation’s worst state for data breaches, the state government of California spends less on cybersecurity than New York, Texas, Florida, and even Maryland.
- In 2022, Florida had more than 4 times the number of data breaches per 1000 registered healthcare entities than any other state in the country. It recorded 4.73 breaches per 1000 healthcare entities, compared to New York’s 1.15.
- Texas was the 3rd worst state in the country for data breaches despite having the highest state government budget for cybersecurity endeavors, at $800 million dollars.
Is government spending on cybersecurity effective?
The study suggests that a state government’s investment in cybersecurity programs does not correlate with a reduction in the risk of data breaches in that state.
Texas committed more to cybersecurity initiatives in 2021 than any other state, at $800 million. Despite this, it ranked 3rd worst in the nation for its number of data breaches.
Other states have taken a more proactive approach to their cybersecurity risk. After suffering a number of high profile breaches, Maryland committed more than $200 million to cybersecurity initiatives in 2022, more than the cybersecurity investments of California and New York combined.
Lack of transparency around data breaches puts Americans at risk
The study revealed that certain states – New York is one – does not maintain a public record of data breaches, even though it requires companies to report them.
According to study author Aaron Weissman, “This harms the residents of a state. If there are no transparent records of security incidents or data breaches supported by state laws, there is no straightforward way for individuals to be certain they haven’t been impacted by a breach, and take the necessary measures to protect themselves.”
Other states have a much better reporting system for data breaches, like Texas, that publicly records all reported breaches, including the type of information that was compromised and the number of Texans affected.