Kiteworks, the leader in sensitive content communications privacy and compliance through its Private Content Network, today announced global cybercrime costs are projected to soar from $9.22 trillion in 2024 to $13.82 trillion by 2028.1 In the United States alone, these costs are forecasted to exceed $452 billion in 2024. 2 Alarmingly, in 2023, three in four companies in the United States were at risk of a material cyberattack, according to chief information security officers (CISOs).

With this in mind, cybersecurity and compliance expert Kiteworks sought to identify the U.S. states where businesses are most at risk of cyberattacks. To do so, the company created a points-based index that analyzed a variety of factors such as annual victim counts, financial losses from cyberattacks, increases in both victims and losses, and the types of cyberattacks experienced.

Key Findings

  • Colorado is the state where businesses are most at risk of cyberattacks, with a risk score of 7.96. Colorado has seen a 58.7% increase in victim losses since 2017.
  • With the highest population of 38 million, California’s annual cyberattack losses amount to over $656 million (656,847,391).
  • The state of Missouri has the biggest four-year moving increase in financial losses attributed to cyberattacks, with a 136% increase since 2017.
  • Virginia is the only state to see a decrease in cyberattack victims since 2017, with a decrease of 10.8%.

The results:

Rank State Population Total Annual Victim Counts 2023-2020 Total Annual Victim Losses 2023-2020 $ (2023-2017) 4-year Moving Average Increase % in Victim Counts (2023-2017) 4-year Moving Average Increase % in Victim Losses Risk Score/10
1. Colorado 5,877,610 10,776 104,476,603 3.8% 58.7% 7.96
2. New York 19,571,216 27,205 440,673,485 14.4% 75.7% 7.84
3. Nevada 3,194,176 10,551 44,994,168 27.6% 25.2% 7.62
4. California 38,965,193 69,668 656,847,391 28.7% 28% 7.51
5. Missouri 6,196,156 7,911 120,419,301 29.1% 136.1% 7.46
6. Florida 22,610,726 42,188 309,488,592 29.1% 26.1% 7.39
7. Utah 3,417,734 4,410 53,047,234 21.2% 50.2% 7.28
8. Washington 7,812,880 13,676 91,125,161 10% 29.1% 7.09
9. Virginia 8,715,698 11,707 106,822,261 -10.8% 39.3% 7.08
10. Delaware 1,031,890 2,235 7,802,675 76.4% 47.7% 6.96

Colorado Is Most at Risk From Cyberattacks

Colorado is the state where businesses are most at risk of cyberattacks, with a risk score of 7.96 out of 10. Despite its mid-sized population of 5,877,610, Colorado experienced the highest rate of cyberattacks since 2017 and has reported 10,776 annual victims from 2020. Despite Colorado only seeing a moving increase of 3.8% in victims since 2017, the state has faced significant financial losses due to cyberattacks, with a 58.7% increase in losses since 2017, amounting to $104,476,603. This is 65% higher than in the neighboring state of Utah ($53,047,234). This could be due to Colorado’s aging population, as reports show people over the age of 75 are most likely to report repeat cybercrime victimization.3

New York is in second place, with a risk score of 7.84 out of 10. As the fourth most populous state with 19,571,216 residents, New York reported 27,205 annual victims between 2020 and 2023. By contrast, Massachusetts reported one-third the number of victims (8,749) over the same period as New York. New York has seen a 14.4% increase in victims over four years, with reports showing cyberattack complaints up 53% since 2022.4 The financial losses from cyberattacks in the state have also surged by 75.7%, totaling a staggering $440,673,485 lost.

Nevada ranks third with a risk score of 7.62 out of 10, reflecting the state’s growing vulnerability to cyberattacks. With a population of 3,194,176, Nevada reported 10,551 annual victims from 2020 to 2023. The state has experienced a significant 27.6% increase in victim counts over four years, indicating a rapid rise in cybercrime incidents. Just earlier this year, the state’s Gaming Control Board’s website was hit with a cyberattack, resulting in the site being offline for several days.5 The financial losses from cyberattacks have risen in Nevada by 25.2% since 2017, totaling to $44,994,168, 72% more than the neighboring state of Idaho ($12,427,049).

The Most Costly Cyberattacks

Cyberattack Type Total Losses in the US Since 2020 Average Losses per Attack Since 2020
BEC $1,747,924,931 $88,350
Credit Card/Check Fraud $516,046,155 $27,039
Malware $237,469,021 $83,235
Personal Data Breach $217,220,497 $5,360
Lottery/Sweepstakes $211,419,044 $13,869
Real Estate $180,693,427 $12,721
Data Breach $121,162,688 $12,575
Crimes Against Children $114,283,292 $56,688
Investment $103,069,899 $6,423
Phishing/Spoofing $81,561,072 $2,769

BEC Cyberattacks Have the Highest Financial Impact

Business email compromise (BEC) is the cyberattack in the United States with the highest financial impact, with losses exceeding $1 billion ($1,747,924,931) since 2020 and an average loss of $88,350 per incident. BEC attacks involve fraudsters impersonating business executives or employees to deceive victims into transferring funds or revealing sensitive information. Credit card and check fraud rank second, causing $516,046,155 in total losses and an average loss of $27,039 per incident. This fraud typically involves unauthorized use of payment information. Malware attacks, in third place, have resulted in losses of $237,469,021 with an average loss of $83,235 per incident.

The Most Common Cyberattacks

Cyberattack Type Total Attacks in the US Since 2020
Non-payment/Non-delivery 60,113
Personal Data Breach 40,523
Phishing/Spoofing 29,459
No Lead Value 25,523
Overpayment 24,945
Extortion 20,963
BEC 19,784
Credit Card/Check Fraud 19,085
IPR/Copyright and Counterfeit 18,849
Harassment/Stalking 18,112

Non-payment/Non-delivery Cyberattacks Are the Most Common

Non-payment/non-delivery attacks are the most common U.S. cyber threat since 2020 with 60,113 incidents, which involves fraudsters tricking victims into paying for undelivered goods or services. The second most prevalent is personal data breaches, with 40,523 incidents, which can involve unauthorized access to sensitive information often leading to identity theft and fraud.

Patrick Spencer, spokesperson at Kiteworks, commented on the results:

“Our study reveals a concerning trend: Cyberattacks are on the rise, both in frequency and financial impact. As cyber threats continue to evolve, proactive investment in advanced security technologies and employee training can significantly enhance a company’s resilience against cybercrime, as well as a greater focus on data security.

Businesses should adopt a content-defined zero-trust approach to secure their sensitive communications. By consolidating email, file sharing, SFTP, managed file transfer, and web forms into a Private Content Network protected by a hardened virtual appliance, organizations can ensure that sensitive content is only accessed by authorized users. This approach provides advanced security, comprehensive governance, and regulatory compliance, ensuring the protection of sensitive content.”

Press Inquiries

Milly Pyne
Senior Digital PR Executive
milly@journalistic.org

Note to editors:

  1. Statista | Cybercrime Expected To Skyrocket in Coming Years
  2. Statista | The impact of cybercrime on companies in the U.S. – Statistics & Facts
  3. CRIMRXIV | Cybercrime victimization among older adults
  4. OSC | cyberattacks on New York
  5. The Nevada Independent | cyberattack takes down gaming control board

Methodology:

  1. Kiteworks sought to uncover the US states where businesses are most at risk from cyberattacks.
  2. To do so, the experts looked into various factors such as data breaches, crime types, the number of attacks and losses, as well as the number of victims and financial losses.
  3. The corporate data breaches data was broken down by state and the crime type was scraped from the US government annual report from 2023-2017, found here. *Data includes the number of attacks and losses incurred in USD.
  4. The number of attacks and losses were split into averages of 2023-2020 and 2020-2017 for a 4-year moving average.
  5. For victim counts the % increase from 2020-2017 to 2023-2020 were calculated with a minimum threshold of 20 attacks in 2020-2017 to avoid overinflated % increases. The same was applied to % increases in losses incurred but with a threshold of $10k.
  6. The US states most at risk were calculated as a weighted average percent rank of the total victims and losses in 2023-2020, and 2023-2017 4-year moving average percentage increases in victims and losses.
  7. Lastly, the most common cyberattacks and most costly cyberattacks were calculated as the sum total across all states for each attack type.
  8. The data was collected in July 2024 and is accurate as of then.
  9. Please find the full dataset, including the data for all states here.

About Accellion

Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.

Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.

Lancez-vous.

Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Explore Kiteworks