As cybercrime continues to evolve, businesses across the United States are becoming more vulnerable to costly cyberattacks. A new study by Kiteworks reveals that some states are at particularly high risk, with businesses in Colorado, New York, and Nevada facing the greatest threats.

Business email compromise (BEC) has been identified as the most financially devastating type of cyberattack in the United States, with total losses exceeding $1.7 billion since 2020 and an average loss of $88,350 per incident. This was followed by credit card and check fraud, which resulted in losses exceeding $516 million.

The most common type of cyberattack reported in the United States since 2020 was non-payment or non-delivery fraud, with more than 60,000 incidents. This form of cybercrime involves fraudsters tricking victims into paying for goods or services that are never delivered.

According to the study, Colorado ranked first among states for businesses at risk, with a score of 7.96. Despite its relatively small population, Colorado has seen a significant increase in financial losses related to cyberattacks, rising 58.7% since 2017 to more than $104 million. The state also reported an annual average of 10,776 cyberattack victims from 2020 to 2023.

New York follows closely behind with a risk score of 7.84. The state, home to 19.57 million people, has the highest number of annual cyberattack victims, with 27,205 incidents from 2020 to 2023. Financial losses in New York have also increased by 75.7% over the past four years, totaling more than $440 million.

Nevada ranked third with a risk score of 7.62. The state has seen a 27.6% increase in cyberattack victims over the past four years, with 10,551 victims annually and financial losses exceeding $44 million.

Other states highlighted in the study include California, Missouri, Florida, Utah, Washington, Virginia and Delaware, each of which face varying levels of cyberattack risk.

Patrick Spencer, a spokesman for Kiteworks, stressed the need for companies to adopt advanced security measures to combat these growing threats.

“By integrating email, file sharing, secure FTP, managed file transfer, and web forms into a private content network protected by a hardened virtual appliance, organizations can ensure that only authorized users have access to sensitive content. This approach provides advanced security, comprehensive governance, and regulatory compliance, ensuring sensitive content is protected,” said Spencer.