A recent report released by state Comptroller Thomas DiNapoli has raised significant concerns about the escalating threat of cybercrime in New York State.
DiNapoli’s investigation revealed a jarring 53% increase in cyberattacks between 2016 and 2022 in the Empire State, with the number of incidents surging from 16,426 to a staggering 25,112 over those four years.
The situation has only worsened in 2023, with a nearly twofold increase in attacks targeting the state’s critical infrastructure since last year. In the first half of 2023, there were 83 attacks on vital infrastructure systems, compared to 48 throughout the entirety of 2022 — including attacks on the power grid and water supply.
The financial toll of these cyberattacks is also substantial, as estimated losses in New York state exceeded $775 million in 2022. The national total during that time was $10.3 billion in losses.
“Cyberattacks are a serious threat to New York’s critical infrastructure, economy, and our everyday lives. Data breaches expose New Yorkers to potential invasions of privacy, identity theft, and fraud,” DiNapoli said in a statement. “The rise in ransomware attacks is particularly troubling, as they can disrupt systems essential for water, power, healthcare, and other necessities. Safeguarding our state from cyberattacks requires sustained investment, coordination, and vigilance.”
The report also found that in 2022 New York had the third-highest number of both ransomware attacks (135) and corporate data breaches (238) of any state in the country.
Additionally, New York had the fourth-highest number of cybercrime victims in the nation in 2022, with losses skyrocketing by an alarming 632% since 2016.
The critical infrastructure sectors most frequently targeted through ransomware and data breaches in New York state were Healthcare and Public Health, with nine incidents, and Financial Services, with eight incidents. Commercial Facilities and Government Facilities tied for third place, each experiencing seven attacks.
As cyberattacks continue to evolve in sophistication and scale, New York state is faced with the pressing challenge of fortifying its defenses against these digital threats to safeguard its citizens and infrastructure, according to DiNapoli.
The comptroller laid out a plan to combat the increasing threat, including investigation by cyber professionals into any weak points in security, and investments into plugging those holes.
“Cyberattacks are a serious threat to America’s critical infrastructure and have the potential to severely impact our day-to-day lives,” the comptroller said. “These incidents often result in data breaches for companies and institutions that collect large amounts of personally identifiable data. Data breaches expose New Yorkers to invasions of privacy, the possibility of identity theft and other types of fraud. Even more troubling are incidents such as ransomware or distributed denial of service attacks that have the potential to shut down systems that we rely on for water, power, health care and other necessities.”