Which States Are Most at Risk for Cyberattacks on Government and Infrastructure?

Cyberattacks on U.S. government and critical infrastructure surged in 2023. According to Forescout Research, there were more than 420 million critical infrastructure attacks globally between January and December 2023. At 13 attacks per second, this is a 30 percent increase from 2022. The United States stands as the primary target, with 168 threat actors in 2023, more than the second and third most targeted countries combined.

Cyber Threats by US State

Data collected by Network Assured which U.S. states have experienced the most data breaches over time, up until 2022.

Position	State	Incidents Reported
1	California	1,338
2	New York	618
3	Texas	581
4	Florida	458
5	Maryland	343
6	Illinois	343
7	Pennsylvania	279
8	Ohio	266
9	Georgia	255
10	Massachusetts	248

It found:

California had the highest number of reported data breaches, with 1,338 incidents
New York and Texas followed at 618 and 581, respectively

When looking at a per capita basis, things shift. The FBI's 2023 Internet Crime Report analyzed the number of cyberattack victims per 100,000 people in each state.

Position	State	Attacks per 100,000 Resident
1	Alaska	319
2	Nevada	310
3	Delaware	260
4	Arizona	223
5	California	198
6	Colorado	198
7	Washington	187
8	South Dakota	184
9	Florida	182
10	South Carolina	181

Their results identified:

Alaska had the highest rate of cyberattack victims at 318.8 per capita
Nevada had the second-highest rate at 309.7, followed by Delaware at 260.4 per capita

Alaska Has the Highest Exposure Per Capita

All states are working to boost their cybersecurity measures to protect against evolving threats, but some states have higher exposure than others. As revealed in the 2023 FBI Internet Crime Report, Alaskans are more likely to be victims of cybercrime than other state populations.

As of 2022, 99.1 percent of business infrastructure in Alaska is small to midsized-sized businesses (SMBs). The FBI is concerned that SMBs are seen as “soft targets” by attackers; according to retired FBI Supervisory Special Agent Scott E. Augenbaum, they often lack the financial resources and skill sets to combat emerging cyber threats. This prompted the FBI field office in Anchorage to launch a cybersecurity awareness campaign.

California Has the Highest Risk Profile

California has more data breaches than the second and third hardest-hit states put together. The European Repository of Cyber Incidents reveals that critical infrastructure is a top target for cybercriminals. California may have the highest cybersecurity risk profile due to its high concentration of technology and critical infrastructure.

In the same report by Network Assured, three of the 10 largest data breaches in 2022 occurred in California, and despite this, California's cybersecurity spending is lower than New York, Texas, Florida, and Maryland.

Government and Critical Infrastructure Attacks in California

California has faced a surge in cyberattacks, targeting government agencies, hospitals, and educational institutions.

Among the most disruptive was the August 2023 ransomware attack on Los Angeles-based Prospect Medical Holdings. The organization, which operates 17 hospitals and 166 outpatient clinics across the US, had its network hacked and its devices encrypted.

The data breach affected hundreds of thousands of employees and patients. More than half a million social security numbers were stolen, along with other personal data, including driver’s licenses, passports, financial documents, and sensitive medical data.

Rhysida, a notorious ransomware group, claimed responsibility and attempted to sell the stolen data on the dark web for 50 bitcoins, valued at around $1.5 million at the time. The nature of the attack and its far-reaching effects across Prospect Medical’s network serve as a reminder of how easily cyber vulnerabilities can escalate into a full-scale crisis.

Fortifying Our Digital Defenses

With sensitive information on the line, there needs to be a better way to defend against cyber threats to critical infrastructure and governments. As the landscape evolves, so too must the strategies employed to protect these systems. FBI Special Agent Spencer Evans says complacency is the biggest problem—he told KSNV’s Steve Wolford: “Everybody says it's not going to happen to you, and yet the number of victims every year continues to go up and up.”

To protect critical infrastructure, governments must prioritize cybersecurity investments, conduct rigorous risk assessments, and foster strong collaboration with the private sector. By implementing advanced threat detection tools and maintaining a proactive stance, organizations can significantly enhance their resilience against cyberattacks, preserving the safety and well-being of communities.

‍Discover how Huntress can defend your organization from cyber threats, safeguard critical infrastructure, and protect sensitive data. Schedule a free demo today.