Colorado, New York, Nevada, and California are the US states with the highest risk of cyberattacks in 2024. These are the only four states with risk scores over 7.5, collectively accounting for 118,200 victims between 2020 and 2023.
As per IBM’s report, the global cost of data breaches reached an all-time high in 2024, averaging $4.88 million. It showed a 10% increase over 2023’s cost. The data breach cost for cloud-based data saw the highest average breach cost of $5.17 million.
In November 2024, 83 new data breaches were reported in the United States alone. These breaches impacted 5,266,320 individuals, with Arizona-based OnePoint Patient Care (OPPC) accounting for 1.7 million affected individuals. Other notable breaches affected Set Froth, Inc. (1.5 million), the City of Columbus (500,000), and Keesal, Young & Logan (316,350). These significant data breach incidents highlighted the scale of vulnerabilities in digital infrastructures, underscoring the need for robust cybersecurity measures.
Most Affected States in the US
The most affected states by cyberattacks are Colorado, New York, and Nevada. California ranks fourth on the list. Cybercriminals mainly target healthcare, information technology, governmental, education, finance, and hospitality sectors.
Cyber criminals use ransomware, malware, and social engineering techniques to breach the security system, exploiting system vulnerabilities like outdated software and hardware systems, misconfigured firewalls, weak passwords, and authentication methods. Such threat actors lead to the loss of sensitive data and information, financial loss, operational disruption, and reputational damage.
Here is a table highlighting top 10 most affected US states by cyberattacks, their annual victim counts, and their respective risk scores.
Rank | State | Total Annual Victim Counts (2020 – 2023) | Risk Score (Out of 10) |
---|---|---|---|
1 | Colorado | 10,776 | 7.96 |
2 | New York | 27,205 | 7.84 |
3 | Nevada | 10,551 | 7.62 |
4 | California | 69,668 | 7.51 |
5 | Missouri | 7,911 | 7.46 |
6 | Florida | 42,188 | 7.39 |
7 | Utah | 4,410 | 7.28 |
8 | Washington | 13,676 | 7.09 |
9 | Virginia | 11,707 | 7.08 |
10 | Delaware | 2,235 | 6.96 |
Colorado
With a 7.96 risk score, Colorado is the no. 1 ranked state regarding cyberattack risks. The Centennial State has a population of 5,877,610. Among them, 10,776 have been reported as cyberattack victims since 2023. Although Colorful Colorado has only seen a 3.8% increase in victims since 2017, the 58.7% increase in losses that amounts to $104,476,603 highlights a significant financial loss.
The healthcare and education sectors are most at risk, as data breaches compromise patient records and academic information and disrupt daily services. These industries have legacy systems and limited budgets, making them easy targets for cyberattacks.
For instance, in August 2024, Rhysida breached Axis Health’s networking system and posted patient and employee information on the dark web. They demanded 25 Bitcoin ($2.34 million at 93,656.38 USD per bitcoin as of 2024) as ransom for the data. So, there is an alarming need for threat detection and prevention strategies in Colorado that can stop such attacks, save money, and allow operational efficiency.
New York
New York is the second-riskiest state for cyberattacks in the US, with a risk score of 7.8. The Empire State has 19,571,216 residents, and 27,205 have been victims of cyberattack since 2020. Since 2017, the number of victims has increased by 14.4%, and financial losses have soared by 75.7%, amounting to over $440 million.
New York is a prime target for cybercriminals, especially in the healthcare and public health, financial, and government sectors that power its economy. Phishing and Business Email Compromise (BEC) have resulted in financial fraud and reputational damage.
The Legislative Bill Drafting Commission ransomware attack of April 2024 halted the bill drafting process and allowed unauthorized access to 730 individuals’ driver’s license numbers, credit card information, and Social Security numbers.
With the volume of high-value transactions happening daily in New York, it’s an attractive playground for sophisticated attackers. The state’s interconnected systems and reliance on advanced technology are strengths and weaknesses as they expose financial networks to potential breaches. Addressing these vulnerabilities is key to protecting its global economic leadership.
Nevada
Ranked as the third state with the most cyber attack risk, Nevada has a risk score of 7.62. The Silver State has 3,194,176 residents and reported a total victim count of 10,551 since 2020, which is a 27.6% increase from 2017 to 2023. This marks a financial loss of $44,994,168.
Nevada’s dependence on hospitality and gaming makes it an attractive target for cyber attacks. Ransomware and malware have increased, causing significant disruptions in casino operations and compromise of guest data, affecting the industry’s revenue and customer trust. These attacks exploit the state’s heavy reliance on digital infrastructure for booking systems, gaming tech, and online payments.
For example, the MGM Resorts ransomware attack by Scattered Spider, a subgroup of ALPHV ransomware gang, in September 2023, caused a $100 million loss.
With tourism and entertainment as the backbone of Nevada’s economy, the impact of these cyber threats goes beyond financial loss, so robust cybersecurity frameworks are needed to protect the state’s reputation and economic stability.
California
California, with a 7.51 risk score, is placed in the fourth position of most targeted states in the US by cyber attackers. With 656,847,391 annual losses from 2020 to 2023, it has the most annual victim losses, surpassing second-place New York by a $200+ million loss. The Golden State has seen an increase of 28.7% and 28% in victim counts and annual losses, respectively.
As a global tech and entertainment hub, the state’s tech startups, entertainment companies, and critical infrastructure are constantly attacked by cybercriminals for intellectual property, personal data, and financial gain.
In 2024, high-profile cyber attacks in California were recorded, like the LA County Superior Court and the HACLA ransomware attacks, disrupt operations, damage reputation, and expose trade secrets. California’s vast digital landscape drives innovation but also attracts advanced cyber threats in different industries of the state. So comprehensive cybersecurity is key to protecting its economy and global influence.
Most Targeted Industries in 2024 by Cyber Criminals
Cybercriminals targeted government, healthcare, education, and manufacturing the most in 2024. The total number of ransomware attacks from these sectors totaled to 875.
Below is a table reflecting the ranking of the top 4 industries with the most ransomware attacks in 2024.
Rank | Industry | Total Number of Attacks | Mean Ransom Payments |
---|---|---|---|
1 | Government | 280 | $7.4 million |
2 | Healthcare | 240 | $4.4 million |
3 | Education | 195 | $7.5 million |
4 | Manufacturing | 160 | $2.3 million |
Government
Government agencies have seen a massive surge in attacks, with 280 documented cases in 2024. Election interference and espionage are the top vectors as attackers are after classified information or disrupt the democratic process.
A notable example was the breach of the City of Flint’s online bill pay system in August 2024, which disrupted online and check payments for utilities and taxes. Ransomware attacks demanding outrageous payouts also crippled several municipal services, including water and power systems, for around a month. Outdated infrastructure and a lack of threat detection tools make government entities an easy target.
Healthcare
Healthcare recorded 240 attacks in 2024, with a median ransomware payment demand of $1.5 million. The average ransom demand is $4.4 million, as attackers know how critical healthcare operations are. Notable breaches include the attack on Access Sports Medicine & Orthopedics in New Hampshire, which exposed over 80,000 patient records. The volume of attacks is due to the sector’s interconnected systems and vast stores of patient data. Common attack vectors are ransomware, phishing attacks on healthcare employees, and outdated medical device and system security.
Education
Educational institutions are among cybercriminals’ prime targets, with 195 ransomware attacks in 2024. These attacks have delayed academic operations, compromised student data, and cost institutions millions in recovery.
A shocking incident is the ransomware attack on 157-year-old Lincoln College in California, which permanently shut down after its devastating financial loss of $100,000 ransom and enrollment shortfalls.
The top attack vectors are phishing attacks on students and faculty and exploiting unsecured remote learning platforms. Tight budgets and decentralized IT infrastructure make educational institutions easy targets.
Manufacturing
Manufacturing has seen a significant surge in attacks, with 160 in 2024 that disrupted supply chains and operational technology systems. Attackers are increasingly targeting industrial control systems (ICS) and Internet of Things (IoT) devices, causing significant downtime and financial loss.
A notable example was the Play ransomware attack on Microchip Technology that shut down production lines for days, accounting for a $21.4 million loss as cybersecurity incident expenses.
Malware and Distributed Denial of Service (DDoS) attacks are the most common vectors as the industry struggles to secure legacy systems and adapt to new threats that demand the requirement of managed IT services for manufacturing firms.
The Most Commonly Reported Cyber Attacks in 2024
The three most commonly reported cyber attacks in 2024 are ransomware attacks, DDoS attacks, and election interference. Ransomware brings down critical services with unprecedented demands, while DDoS exploits weaknesses in network defenses to cause industry-wide disruptions. Election interference exposes vulnerabilities in democratic systems, erodes public trust, spreads misinformation, and exposes gaps in electoral cybersecurity. Together, these threats show the sophistication of cybercriminals and the need for advanced security and proactive defenses to mitigate the impact.
Ransomware Attacks
Ransomware is malicious software that encrypts an organization’s files, making them inaccessible until a ransom is paid. The attackers usually demand ransom in cryptocurrency. They generally use phishing emails and exploit vulnerabilities to get into a system to deploy the ransomware.
In 2024, 58% of US organizations were hit by ransomware, with global losses expected to reach $265 billion by 2031, as per Cybercrime Magazine. The average ransom demand in the US was over $5 million per incident, exceeding the global average of $4.3 million.
Double extortion tactics, where the attackers encrypt files and threaten to release them, have been an uprising trend. These attacks mainly target the healthcare and manufacturing industries as they rely on continuous operations and contain sensitive data.
DDoS Attacks
Distributed Denial of Service (DDoS) attacks flood a network or server with traffic to cause disruptions and take online services down. These attacks use botnets and amplification to maximize impact. In 2024, DDoS attacks surged with a 118% year-over-year increase in Q3.
The 2023 report revealed that the number of DDoS attacks per customer increased by 94%, according to the “Global Threat Analysis Report” from Radware. Finance (30%), technology (22.2%), healthcare (14.2%), and government (11.5%) were the most affected industries.
The most commonly used attack methods were NTP Amplification, HTTPS Flood, DNS Amplification, and other multi-vector attacks like UDP Attack, Memcached Attack, UDP Fragmentation Attack, and HTTP Flood.
Election Interference
Election interference refers to cyber activities that disrupt election processes, steal sensitive data, and influence voter behavior. Common methods used to infiltrate election systems and online platforms are phishing campaigns, malware, and DDoS attacks.
In the 2016 US elections, hackers attempted to hack the election system in 21 states before the presidential election. Both major political parties running for the Oval Office were targeted.
Likewise, the 2024 presidential election was threatened by Iran-back hackers. They targeted individuals from the Trump and Biden-Harris campaigns using phishing schemes and social engineering techniques. This effort aimed to find vulnerabilities to spread conflict and distrust towards the U.S. electoral process.
How Captain IT Can Assist Businesses in Cyber Protection in 2025?
As a leading managed service provider in Los Angeles, our services include real-time threat detection to identify and neutralize threats before they cause damage, ransomware protection to protect critical data, and regulatory compliance to meet industry standards.
We offer 24/7 IT support services to keep operations and systems secure from breaches. We provide cybersecurity training workshops and webinars to equip teams with proper knowledge and best cybersecurity practices. This helps employees identify potential cyber threats and implement countermeasures effectively.
Captain IT also provides comprehensive cybersecurity solutions tailored to combat advanced threats such as ransomware, phishing schemes, Distributed Denial of Service (DDoS) attacks, and zero-day vulnerabilities in 2025.
Using our expertise, businesses can strengthen their defenses, minimize vulnerabilities, and be operationally resilient in this digital age.