Global cybercrime costs are projected to soar from $9.22 trillion in 2024 to $13.82 trillion by 2028. In the U.S. alone, these costs are forecasted to exceed $452 billion in 2024.
Alarmingly, in 2023, three in four companies were at risk of a material cyberattack, according to chief information security officers (CISO).
The company Kiteworks has identified the U.S. states where businesses are most at risk of cyberattacks. To do so, the company created a points-based index which analysed a variety of factors such as annual victim counts, financial losses from cyberattacks, increases in both victims and losses, and the types of cyberattacks experienced.
This demonstrated that Colorado is the state where businesses are most at risk of cyberattacks, with a risk score of 7.96. Colorado has seen a 58.7 percent increase in victim losses since 2017. Despite its mid-sized population of 5,877,610, Colorado experienced the highest rate of cyberattacks and has reported 10,776 annual victims from 2020.
With the highest population of 38 million, California’s annual cyberattack losses amount to over $656 million (656,847,391); whereas the state of Missouri has the biggest four-year moving increase in financial losses attributed to cyberattacks, with a 136 percent increase since 2017.
In contrast, Virginia is the only state to see a decrease in cyberattack victims since 2017, with a decrease of 10.8 percent.
The main data pattern is:
| Rank | State | Population | Total annual victim counts 2023-2020 | Total annual victim losses 2023-2020 $ | (2023-2017) 4-year moving average increase % in victim counts | (2023-2017) 4-year moving average increase % in victim losses | Risk score /10 |
| 1. | Colorado | 5,877,610 | 10,776 | 104,476,603 | 3.8% | 58.7% | 7.96 |
| 2. | New York | 19,571,216 | 27,205 | 440,673,485 | 14.4% | 75.7% | 7.84 |
| 3. | Nevada | 3,194,176 | 10,551 | 44,994,168 | 27.6% | 25.2% | 7.62 |
| 4. | California | 38,965,193 | 69,668 | 656,847,391 | 28.7% | 28% | 7.51 |
| 5. | Missouri | 6,196,156 | 7,911 | 120,419,301 | 29.1% | 136.1% | 7.46 |
| 6. | Florida | 22,610,726 | 42,188 | 309,488,592 | 29.1% | 26.1% | 7.39 |
| 7. | Utah | 3,417,734 | 4,410 | 53,047,234 | 21.2% | 50.2% | 7.28 |
| 8. | Washington | 7,812,880 | 13,676 | 91,125,161 | 10% | 29.1% | 7.09 |
| 9. | Virginia | 8,715,698 | 11,707 | 106,822,261 | -10.8% | 39.3% | 7.08 |
| 10. | Delaware | 1,031,890 | 2,235 | 7,802,675 | 76.4% | 47.7% | 6.96 |
From the above table, New York is in second place, with a risk score of 7.84 out of 10. As the fourth most populous state with 19,571,216 residents, New York reported 27,205 annual victims between 2020-2023.
By contrast, Massachusetts reported one third the number of victims (8,749) over the same period as New York. New York has seen a 14.4 percent increase in victims over four years, with reports showing cyberattack complaints up 53 percent since 2022. The financial losses from cyberattacks in the state have also surged by 75.7 percent, totalling a staggering $440,673,485 lost.
It is also of interest that Nevada ranks third with a risk score of 7.62 out of 10, reflecting the state’s growing vulnerability to cyberattacks. With a population of 3,194,176, Nevada reported 10,551 annual victims from 2020 to 2023. The state has experienced a significant 27.6 percent increase in victim counts over four years, indicating a rapid rise in cybercrime incidents.
Just earlier this year, the state’s Gaming Control Board’s website was hit with a cyberattack, resulting in the site being offline for several days. The financial losses from cyberattacks have risen in Nevada by 25.2% since 2017, totalling to $44,994,168, 72% more than the neighbouring state of Idaho ($12,427,049).
