As cybercrime continues to evolve, businesses across the United States are increasingly vulnerable to costly cyberattacks. A new study by Kiteworks reveals that certain states are at particularly high risk, with businesses in Colorado, New York, and Nevada facing the greatest threats.
Business Email Compromise (BEC) was identified as the most financially devastating type of cyberattack in the U.S., with total losses exceeding $1.7 billion since 2020 and an average loss of $88,350 per incident. Credit card and check fraud followed, resulting in over $516 million in losses.
The most common type of cyberattack reported in the U.S. since 2020 was non-payment or non-delivery fraud, with over 60,000 incidents. This form of cybercrime involves fraudsters deceiving victims into paying for goods or services that are never delivered.
According to the study, Colorado ranks as the state where businesses are most at risk with a score of 7.96. Despite its relatively small population, Colorado has experienced a significant increase in cyberattack-related financial losses, rising by 58.7% since 2017 to reach over $104 million. The state also reported an annual average of 10,776 cyberattack victims from 2020 to 2023.
New York follows closely with a risk score of 7.84. The state, home to 19.57 million residents, reported the highest number of annual cyberattack victims, with 27,205 incidents from 2020 to 2023. Financial losses in New York have also surged by 75.7% over the past four years, totaling over $440 million.
Nevada ranked third with a risk score of 7.62. The state has seen a 27.6% increase in cyberattack victim counts over the past four years, with 10,551 annual victims and financial losses exceeding $44 million.
Other states highlighted in the study include California, Missouri, Florida, Utah, Washington, Virginia, and Delaware—each facing varying levels of cyberattack risks.
Kiteworks spokesperson Patrick Spencer emphasized the need for businesses to adopt advanced security measures to combat these rising threats.
“By consolidating email, file sharing, SFTP, managed file transfer, and web forms into a private content network protected by a hardened virtual appliance, organizations can ensure that sensitive content is only accessed by authorized users. This approach provides advanced security, comprehensive governance, and regulatory compliance, ensuring the protection of sensitive content,” Spencer said.
