A new report released by New York State Comptroller Thomas P. DiNapoli today shows that cyberattacks in the state have increased 53% since 2016, jumping from 16,426 incidents in 2016 to 25,112 in 2022. The report also found that New York had the third-highest number of ransomware attacks and corporate data breaches in the nation in 2022, trailing only California and Texas.
In one case, in 2019, the Syracuse City School District was hit by a ransomware attack. The district said cyber insurance covered all but a $50,000 deductible. “We expect the cyber insurance policy to cover the costs of this incident, subject to a $50,000 deductible,” the district said in a statement. The district did not reveal the entire cost of the incident.
The Comptroller report found that the most attacked critical infrastructure sectors through ransomware and data breaches in New York were Healthcare and Public Health, Financial Services, and Commercial Facilities and Government Facilities.
DiNapoli said that the report shows that cyberattacks are a serious threat to New York’s critical infrastructure, economy, and everyday lives. He urged the state to continue investing in cybersecurity, coordination, and vigilance.
The report also includes recommendations for local governments and schools to help them manage the risks associated with cybersecurity.
Key findings from the report:
- Cyberattacks in New York state increased 53% between 2016 and 2022.
- New York had the third-highest ransomware attacks and corporate data breaches in the nation in 2022.
- The most attacked critical sectors through ransomware and data breaches in New York were Healthcare and Public Health, Financial Services, Commercial Facilities, and Government Facilities.
- Estimated losses in New York from cyberattacks in 2022 totaled over $775 million.
- DiNapoli urged the state to continue investing in cybersecurity, coordination, and vigilance.
Recommendations for local governments and schools:
- Implement cybersecurity governance aspects such as training in IT security awareness, policies and procedures, and the need for contingency plans.
- Conduct regular cybersecurity audits to identify and address vulnerabilities.
- Keep systems and software up to date with the latest security patches.
- Implement strong authentication and access control measures.
- Monitor systems for suspicious activity and respond to incidents promptly.
The report is a reminder of the growing threat of cybercrime. It is important for businesses, governments, and individuals to take steps to protect themselves from these attacks.