Cyberattacks on U.S. government and critical infrastructure surged in 2023. According to Forescout Research, there were more than 420 million critical infrastructure attacks globally between January and December 2023. At 13 attacks per second, this is a 30 percent increase from 2022. The United States stands as the primary target, with 168 threat actors in 2023, more than the second and third most targeted countries combined.
Cyber Threats by US State
Data collected by Network Assured which U.S. states have experienced the most data breaches over time, up until 2022.
| Position | State | Incidents Reported |
|---|---|---|
| 1 | California | 1,338 |
| 2 | New York | 618 |
| 3 | Texas | 581 |
| 4 | Florida | 458 |
| 5 | Maryland | 343 |
| 6 | Illinois | 343 |
| 7 | Pennsylvania | 279 |
| 8 | Ohio | 266 |
| 9 | Georgia | 255 |
| 10 | Massachusetts | 248 |
It found:
- California had the highest number of reported data breaches, with 1,338 incidents
- New York and Texas followed at 618 and 581, respectively
When looking at a per capita basis, things shift. The FBI's 2023 Internet Crime Report analyzed the number of cyberattack victims per 100,000 people in each state.
| Position | State | Attacks per 100,000 Resident |
|---|---|---|
| 1 | Alaska | 319 |
| 2 | Nevada | 310 |
| 3 | Delaware | 260 |
| 4 | Arizona | 223 |
| 5 | California | 198 |
| 6 | Colorado | 198 |
| 7 | Washington | 187 |
| 8 | South Dakota | 184 |
| 9 | Florida | 182 |
| 10 | South Carolina | 181 |
Their results identified:
- Alaska had the highest rate of cyberattack victims at 318.8 per capita
- Nevada had the second-highest rate at 309.7, followed by Delaware at 260.4 per capita
Alaska Has the Highest Exposure Per Capita
All states are working to boost their cybersecurity measures to protect against evolving threats, but some states have higher exposure than others. As revealed in the 2023 FBI Internet Crime Report, Alaskans are more likely to be victims of cybercrime than other state populations.
As of 2022, 99.1 percent of business infrastructure in Alaska is small to midsized-sized businesses (SMBs). The FBI is concerned that SMBs are seen as “soft targets” by attackers; according to retired FBI Supervisory Special Agent Scott E. Augenbaum, they often lack the financial resources and skill sets to combat emerging cyber threats. This prompted the FBI field office in Anchorage to launch a cybersecurity awareness campaign.
“Small businesses are particularly vulnerable, as they often lack the financial resources and expertise to combat emerging cyber threats,” notes Dan Kline, Partner and COO at Great Lakes Advisory. He also believes that “digital agencies play a crucial role in helping SMBs bolster their defenses against these increasing risks and that by partnering with these agencies, small businesses can implement advanced threat detection tools to prevent becoming “soft targets” for cybercriminals.
California Has the Highest Risk Profile
California has more data breaches than the second and third hardest-hit states put together. The European Repository of Cyber Incidents reveals that critical infrastructure is a top target for cybercriminals. California may have the highest cybersecurity risk profile due to its high concentration of technology and critical infrastructure.
In the same report by Network Assured, three of the 10 largest data breaches in 2022 occurred in California, and despite this, California's cybersecurity spending is lower than New York, Texas, Florida, and Maryland.
Government and Critical Infrastructure Attacks in California
California has faced a surge in cyberattacks, targeting government agencies, hospitals, and educational institutions.
Among the most disruptive was the August 2023 ransomware attack on Los Angeles-based Prospect Medical Holdings. The organization, which operates 17 hospitals and 166 outpatient clinics across the US, had its network hacked and its devices encrypted.
The data breach affected hundreds of thousands of employees and patients. More than half a million social security numbers were stolen, along with other personal data, including driver’s licenses, passports, financial documents, and sensitive medical data.
Rhysida, a notorious ransomware group, claimed responsibility and attempted to sell the stolen data on the dark web for 50 bitcoins, valued at around $1.5 million at the time. The nature of the attack and its far-reaching effects across Prospect Medical’s network serve as a reminder of how easily cyber vulnerabilities can escalate into a full-scale crisis.
Fortifying Our Digital Defenses
With sensitive information on the line, there needs to be a better way to defend against cyber threats to critical infrastructure and governments. As the landscape evolves, so too must the strategies employed to protect these systems. FBI Special Agent Spencer Evans says complacency is the biggest problem—he told KSNV’s Steve Wolford: “Everybody says it's not going to happen to you, and yet the number of victims every year continues to go up and up.”
To protect critical infrastructure, governments must prioritize cybersecurity investments, conduct rigorous risk assessments, and foster strong collaboration with the private sector. By implementing advanced threat detection tools and maintaining a proactive stance, organizations can significantly enhance their resilience against cyberattacks, preserving the safety and well-being of communities.
Discover how Huntress can defend your organization from cyber threats, safeguard critical infrastructure, and protect sensitive data. Schedule a free demo today.
