The experts at analyzed the most recent data from The Internet Crime Complaint Center (IC3) on the states most at risk of cybercrime attacks.  

Rank wise, South Dakota is the state most at risk of cybercrime, with an average loss of $59,960 per fraud complaint.  

Alabama is the second, with an average loss of $57,477 per complaint. The most frequent types of cybercrime are nonpayment/non-delivery, personal data breach, credit card fraud, identity theft, and social media. 

New York ranks third, with an average loss of $32,040 per complaint. The most frequent types of cybercrime in New York are nonpayment/non-delivery, identity theft, personal data breach, and social media. 

The top 10 is rounded out by Delaware, Massachusetts, Georgia, Vermont, New Jersey, California, and Kansas. 

At the other end of the scale, Indiana saw the lowest losses from cybercrime, with an average loss of $5,430 per fraud complaint. 

The research reveals personal data breach is amongst the leading types of cybercrime in most states, as well as nonpayment/non-delivery, extortion, and social media fraud. 

The research also reveals that business email compromise (BEC) — also known as email account compromise (EAC) — is the costliest type of fraud, ranking as the No. 1 most costly across 42 states. 

Frauds have been increasing every year in the US. The FTC’s Consumer Sentinel Network data book received 5.74 million reports of fraud in 2021, up from 4.87 million in 2020, representing an 18% increase. 

Organizations are losing an average of 5% of their revenue to fraud each year, and the estimated cost of fraud for U.S. financial institutions in 2021 was $4.2 billion. 

"Irrespective of which state one belongs to, when it comes to technology and data security, people (businesses included) should think about it in the context of risk management,” said a spokesperson. “They should consider the potential risks associated with any technology and take steps to mitigate those risks. This means adopting a proactive approach to data security, including regularly updating all software, using strong passwords, and being vigilant against phishing and other types of cyber threats. In essence, adopting a security-first approach to technology, where you are prioritizing data security over convenience and speed, and are willing to invest time and resources in cybersecurity measures, is the surest way of reducing and even preventing cybercrimes of such scale.” 

Underscoring the need for adopting a security-first mindset, Sprinto experts recommend digital businesses prioritize a “security-by-default” approach and invest in tools and programs that help keep data security in the line of sight.  

“Working securely is one thing,” said the spokesperson. “Working with the assurance of security is a whole other thing. For security-conscious businesses who want to cut their losses and operate on a strong footing, adopting compliant behaviors pays the best dividends. Compliant behaviors are universally regarded standards of security: They can be proven, objectively managed, and clearly audited. Being compliant is the easiest way to operate under the assurance of security and build trust with others. We built Sprinto with the intent to make monitoring security and compliance-related behaviors easy and effective.”