Colorado, New York, and Nevada have the most financial losses.
As cybercrime evolves, businesses across the United States become increasingly vulnerable to costly cyberattacks. According to a new Kiteworks report, specific states are especially vulnerable, with Colorado, New York, and Nevada businesses facing the most threats.
Business Email Compromise (BEC) has been designated as the most financially catastrophic type of cybercrime in the United States, with cumulative losses reaching $1.7 billion since 2020 and an average cost of $88,350 per incident. Credit card and cheque fraud followed, causing approximately $516 million in losses.
Non-payment or non-delivery fraud was the most common form of cyberattack recorded in the United States since 2020, accounting for more than 60,000 cases.This type of cybercrime involves defrauding people into paying for goods or services that are never delivered.
According to the study, Colorado ranks as the state where businesses are most at risk with a score of 7.96. Despite its relatively small population, Colorado has experienced a significant increase in cyberattack-related financial losses, rising by 58.7% since 2017 to reach over $104 million. The state also reported an annual average of 10,776 cyberattack victims from 2020 to 2023.
New York follows closely behind with a risk score of 7.84. From 2020 to 2023, the state, which has a population of 19.57 million, had the highest number of cyberattack victims, with 27,205 occurrences. Financial losses in New York have also increased by 75.7% over the last four years, reaching more than $440 million.
Nevada placed third, with a risk score of 7.62. Over the last four years, the state has seen a 27.6% growth in cyberattack victim counts, with 10,551 victims each year and financial damages totalling more than $44 million.
Other states mentioned in the paper include California, Missouri, Florida, Utah, Washington, Virginia, and Delaware, all of which face varied levels of cyberattack danger.
Kiteworks spokesperson Patrick Spencer emphasised the importance of firms implementing advanced security solutions to tackle these escalating threats.
“Organisations can ensure that sensitive content is only accessed by authorised users by combining email, file sharing, SFTP, controlled file transfer, and online forms into a private content network protected by a hardened virtual appliance. This strategy ensures sensitive content is protected through enhanced security, thorough governance, and regulatory compliance,” Spencer stated.