Comptroller says NY cyberattacks have surged 54% with over $775M in losses

A newly released report from State Comptroller Thomas P. DiNapoli reveals that cyberattacks in New York have risen by 53% from 2016 to 2022, with incidents targeting the state’s critical infrastructure nearly doubling in the first half of 2023.

Last year, New York experienced losses exceeding $775 million due to these attacks, contributing to the nation’s total of $10.3 billion. “Data breaches at companies and institutions expose New Yorkers to potential invasions of privacy, identity theft, and fraud,” DiNapoli remarked, stressing the mounting threat of ransomware attacks on essential systems. Notably, New York ranked third nationally in 2022 for both ransomware attacks and corporate data breaches, following California and Texas, and California and Florida, respectively.

Efforts to counteract this increasing threat are in motion. In 2022, the Governor appointed a state chief cyber officer, leading the new Joint Security Operations Center. This center serves as a cyber coordination hub for New York, linking local, regional, and federal entities to share information, detect threats, and respond to incidents.

The Governor also rolled out the first statewide cybersecurity strategy in August, paving the way for New York to tap into additional federal funds. Simultaneously, DiNapoli’s report highlighted the cyber vulnerabilities of New York’s local governments and schools, detailing past attacks and offering guidance to enhance their cybersecurity.

From 2019 to mid-2023, over 2,400 cybersecurity-related issues were identified through more than 190 IT audits by DiNapoli’s division.