A new study conducted by cybersecurity and compliance expert Kiteworks has identified the U.S. states where businesses are most at risk of cyberattacks, with Colorado topping the list.

Kiteworks created a points-based index to analyze various factors, including annual victim counts, financial losses from cyberattacks, increases in both victims and losses and the types of cyberattacks experienced. The study highlights significant trends and growth levels in cyberattack risks across the country.

Colorado ranks as the state most at risk of cyberattacks, with a risk score of 7.96 out of 10. Despite its mid-sized population, Colorado reported 10,776 annual cyberattack victims from 2020. The state has seen a 58.7% increase in financial losses due to cyberattacks since 2017, totaling $104,476,603. This figure is 65% higher than neighboring Utah’s losses of $53,047,234. The aging population in Colorado, particularly those over 75, may contribute to this vulnerability, as older adults are more likely to report repeated cybercrime victimization.

New York holds the second spot with a risk score of 7.84 out of 10. With a population of over 19 million, New York reported 27,205 annual cyberattack victims between 2020 and 2023. The state has experienced a 14.4% increase in victims over four years, and cyberattack complaints have surged by 53% since 2022. Financial losses from cyberattacks in New York have increased by 75.7%, totaling $440,673,485.

Nevada ranks third with a risk score of 7.62 out of 10, reflecting the state’s growing vulnerability to cyberattacks. With a population of just over 3 million, Nevada reported 10,551 annual victims from 2020 to 2023. The state has seen a 27.6% increase in victim counts over four years, and financial losses have risen by 25.2% since 2017, amounting to $44,994,168. Earlier this year, a cyberattack on Nevada’s Gaming Control Board’s website took it offline for several days, highlighting the state’s cyber vulnerabilities.

Missouri, which has experienced a 136% increase in financial losses due to cyberattacks since 2017, and Virginia, the only state to see a decrease in cyberattack victims since 2017 with a 10.8% reduction, also feature prominently in the study.

The study also identified the types of cyberattacks with the highest financial impact and frequency. Business Email Compromise (BEC) has the highest financial impact, with losses exceeding $1.7 billion since 2020 and an average loss of $88,350 per incident. Credit card and check fraud rank second, causing over $516 million in total losses, followed by malware attacks, which have resulted in losses of $237 million.

Non-payment/non-delivery attacks are the most common cyber threat in the U.S., with 60,113 incidents since 2020. These attacks involve fraudsters tricking victims into paying for undelivered goods or services. Personal data breaches, with 40,523 incidents, are the second most prevalent type of cyberattack, often leading to identity theft and fraud.

“Our study reveals a concerning trend: cyberattacks are on the rise, both in frequency and financial impact,” said Patrick Spencer, spokesperson for Kiteworks. “As cyber threats continue to evolve, proactive investment in advanced security technologies and employee training can significantly enhance a company’s resilience against cybercrime, as well as a greater focus on data security.”

Spencer emphasized the importance of adopting a content-defined zero trust approach to secure sensitive communications. By consolidating email, file sharing, SFTP, managed file transfer and web forms into a private content network protected by a hardened virtual appliance, organizations can ensure that sensitive content is only accessed by authorized users. This approach provides advanced security, comprehensive governance and regulatory compliance, ensuring the protection of sensitive content.

Methodology

To produce the ranking, Kiteworks analyzed the total number of cyberattacks reported in each state and their respective populations, utilizing data from the FBI’s Internet Crime Report. The study calculated the number of cyberattacks per 100,000 residents to ensure fairness.

Researchers also gathered data on the total amount of money lost to internet crimes, calculating an average loss per incident. The study examined the most frequent types of internet crimes committed in each state and compared data from 2021, 2022 and 2023 to identify trends and differences over the years.

These findings provide valuable insights into the states most at risk of cyberattacks and highlight the need for enhanced cybersecurity measures to protect businesses and individuals from evolving cyber threats.