Network Assured shared the results of a recent study on cybersecurity risk that looked at which U.S. states had suffered the most data breaches in 2022. The study looked at data breaches from all industries to rank the states where businesses faced the highest risk of cyberattack. It also reported the number of data breaches relative to each state government’s investment in cybersecurity initiatives.
Network Assured compared data from State Attorneys Generals and the Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) Office of Civil Rights’ (OCR), along with public reporting of state budgets for cybersecurity.
It also compared data breach statistics with the number of registered business entities in each state to establish a “breaches per 1,000 business entities” value that helped rank each state’s relative cybersecurity performance.
Cybersecurity risk in America: no one is safe
While expectedly, California, with its high concentration of businesses in technology and health care recorded the highest number of data breaches at 1,338, the relatively small state of Maryland ranked fifth worst in the nation with 343 breaches.
Other study results indicated that:
- Three of the worst 10 data breaches of 2022 were against companies in California. Two of those three data breaches were against the same company: Twitter.
- Despite being the nation’s worst state for data breaches, the state government of California spends less on cybersecurity than New York, Texas, Florida and even Maryland.
- In 2022, Florida had more than four times the number of data breaches per 1,000 registered health care entities than any other state in the country. It recorded 4.73 breaches per 1,000 health care entities, compared to New York’s 1.15.
- Texas was the third worst state in the country for data breaches despite having the highest state government budget for cybersecurity endeavors, at $800 million dollars.
Is government spending on cybersecurity effective?
The study suggests that a state government’s investment in cybersecurity programs does not correlate with a reduction in the risk of data breaches in that state. Texas committed more to cybersecurity initiatives in 2021 than any other state, at $800 million. Despite this, it ranked third worst in the nation for its number of data breaches.
Other states have taken a more proactive approach to their cybersecurity risk. After suffering a number of high-profile breaches, Maryland committed more than $200 million to cybersecurity initiatives in 2022, more than the cybersecurity investments of California and New York combined.
Lack of transparency around breaches increases cybersecurity risk
The study revealed that certain states — New York being one — do not maintain a public record of data breaches, even though they require companies to report them. According to study author Aaron Weissman, “This harms the residents of a state. If there are no transparent records of security incidents or data breaches supported by state laws, there is no straightforward way for individuals to be certain they haven’t been impacted by a breach, and take the necessary measures to protect themselves.”
Other states have a much better reporting system for data breaches, like Texas, that publicly records all reported breaches, including the type of information that was compromised and the number of Texans affected.
To see the complete findings, including the states that incurred the least data breaches, along with full color charts, please see visit the study here.