Global cybercrime costs are projected to soar from $9.22 trillion in 2024 to $13.82 trillion by 2028, according to a report by Stocklytics.com. Cyberattacks in the United States alone are forecasted to exceed $452 billion in 2024. Alarmingly, a survey among Chief Information Security Officers (CISO) in the United States showed that three in four organizations were at risk of a material cyberattack in 2023.
With this in mind, cybersecurity and compliance expert Kiteworks sought to identify the U.S. states where businesses are most at risk of cyberattacks. To do so, the company created a points-based index which analyzed a variety of factors such as annual victim counts, financial losses from cyberattacks, increases in both victims and losses, and the types of cyberattacks experienced.
Key Findings of Cyberattacks in US Report
- Colorado is the state where businesses are most at risk of cyberattacks, with a risk score of 7.96. Colorado has seen a 58.7 per cent increase in victim losses since 2017
- With the highest population of 38 million, California’s annual cyberattack losses amount to over $656 million (656,847,391)
- The state of Missouri has the biggest four-year moving increase in financial losses attributed to cyberattacks, with a 136 per cent increase since 2017
- Virginia is the only state to see a decrease in cyberattack victims since 2017, with a decrease of 10.8 per cent
Colorado is Most at Risk Due to Cyberattacks
Colorado is the state where businesses are most at risk of cyberattacks, with a risk score of 7.96 out of 10. Despite its mid-sized population of 5,877,610, Colorado experienced the highest rate of cyberattacks since 2017 and has reported 10,776 annual victims from 2020. Despite Colorado only seeing a moving increase of 3.8 per cent in victims since 2017, the state has faced significant financial losses due to cyberattacks, with a 58.7 per cent increase in losses since 2017, amounting to $104,476,603. This is 65 per cent higher than in the neighbouring state of Utah ($53,047,234). This could be due to Colorado’s aging population, as reports show people over the age of 75 are most likely to report repeat cybercrime victimization.
New York is in second place, with a risk score of 7.84 out of 10. As the fourth most populous state with 19,571,216 residents, New York reported 27,205 annual victims between 2020-2023. By contrast, Massachusetts reported one third the number of victims (8,749) over the same period as New York. New York has seen a 14.4 per cent increase in victims over four years, with reports showing cyberattack complaints up 53 per cent since 2022. The financial losses from cyberattacks in the state have also surged by 75.7 per cent, totalling a staggering $440,673,485 lost.
Nevada ranks third with a risk score of 7.62 out of 10, reflecting the state’s growing vulnerability to cyberattacks. With a population of 3,194,176, Nevada reported 10,551 annual victims from 2020 to 2023. The state has experienced a significant 27.6 per cent increase in victim counts over four years, indicating a rapid rise in cybercrime incidents. Just earlier this year, the state’s Gaming Control Board’s website was hit with a cyberattack, resulting in the site being offline for several days. The financial losses from cyberattacks have risen in Nevada by 25.2 per cent since 2017, totaling to $44,994,168, 72 per cent more than the neighbouring state of Idaho ($12,427,049).
The Most Costly Cyberattacks
Business Email Compromise (BEC) is the cyberattack in the United States with the highest financial impact, with losses exceeding $1 billion ($1,747,924,931) since 2020 and an average loss of $88,350 per incident. BEC attacks involve fraudsters impersonating business executives or employees to deceive victims into transferring funds or revealing sensitive information. Credit card and check fraud rank second, causing $516,046,155 in total losses and an average loss of $27,039 per incident. This fraud typically involves unauthorized use of payment information. Malware attacks, in third place, have resulted in losses of $237,469,021 with an average loss of $83,235 per incident.
Most Common Cyberattacks
Non-payment/non-delivery attacks are the most common US cyber threat since 2020 with 60,113 incidents, which involves fraudsters tricking victims into paying for undelivered goods or services. The second most prevalent is personal data breaches, with 40,523 incidents, which can involve unauthorized access to sensitive information often leading to identity theft and fraud.
Patrick Spencer, spokesperson at Kiteworks, commented on the results:
“Our study reveals a concerning trend: cyberattacks are on the rise, both in frequency and financial impact. As cyber threats continue to evolve, proactive investment in advanced security technologies and employee training can significantly enhance a company’s resilience against cybercrime, as well as a greater focus on data security.
“Businesses should adopt a content-defined zero trust approach to secure their sensitive communications. By consolidating email, file sharing, SFTP, managed file transfer, and web forms into a private content network protected by a hardened virtual appliance, organizations can ensure that sensitive content is only accessed by authorized users. This approach provides advanced security, comprehensive governance, and regulatory compliance, ensuring the protection of sensitive content,” he concluded.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.