Global cybercrime costs are projected to surge from $9.22 trillion in 2024 to $13.82 trillion by 2028, with U.S. losses alone expected to exceed $452 billion in 2024.
In 2023, 75 percent of U.S. companies faced the risk of a significant cyberattack, with reports revealing that critical infrastructure sustained over 420 million attacks—13 per second—between January 2023 and January 2024, marking a 30 percent increase primarily targeting the U.S.
The cybersecurity firm Kiteworks sought to identify the U.S. states where businesses are most at risk of cyberattacks. To gather the data, analysts looked into various factors such as data breaches, crime types, the number of attacks and losses, as well as the number of victims and financial losses. The corporate data breaches data was broken down by state.
US States Most at risk of Cyberattacks

From the above table, Colorado is most at risk from cyberattacks, with a risk score of 7.96 out of 10. Despite its mid-sized population of 5,877,610, Colorado experienced the highest rate of cyberattacks since 2017 and has reported 10,776 annual victims from 2020.
New York is in second place, with a risk score of 7.84 out of 10. As the fourth most populous state with 19,571,216 residents, New York reported 27,205 annual victims between 2020-2023. By contrast, Massachusetts reported one third the number of victims (8,749) over the same period as New York.
Nevada ranks third with a risk score of 7.62 out of 10, reflecting the state’s growing vulnerability to cyberattacks. With a population of 3,194,176, Nevada reported 10,551 annual victims from 2020 to 2023. The state has experienced a significant 27.6 percent increase in victim counts over four years, indicating a rapid rise in cybercrime incidents.
