Cyberattacks in New York have seen a significant surge, with incidents rising by 53% from 16,426 in 2016 to 25,112 in 2022. A report by State Comptroller Thomas P. DiNapoli reveals that attacks on critical infrastructure nearly doubled in the first half of 2023. The financial toll is staggering, with New York’s losses in 2022 surpassing $775 million and national losses reaching $10.3 billion. The state also had the fourth-highest number of cybercrime victims, with losses soaring by 632% since 2016.
DiNapoli emphasized the gravity of the situation, stating, “Cyberattacks threaten New York’s infrastructure, economy, and daily life. Data breaches expose New Yorkers to identity theft, fraud, and invasions of privacy. The rise in ransomware attacks jeopardizes essential services like water and power.”In 2022, New York ranked third in the nation for ransomware attacks and corporate data breaches, trailing only California and Texas in the former and California and Florida in the latter.
To combat these threats, the Governor appointed a state chief cyber officer in 2022 to spearhead efforts against cyber threats and bolster the state’s cybersecurity. This officer oversees the Joint Security Operations Center, a hub for cybersecurity coordination and information sharing. The Governor also introduced the state’s first cybersecurity strategy, unlocking access to federal funding.
The federal Cyber Incident Reporting for Critical Infrastructure Act of 2022 mandates cybersecurity reporting for critical sectors. A centralized data breach report database would help preemptively identify and respond to emerging cyber threats. Including local governments in this database is crucial. DiNapoli’s audits of state agencies revealed several technical vulnerabilities, such as poor access controls, unsupported applications, and a lack of system monitoring.
Furthermore, DiNapoli highlighted the cybersecurity challenges faced by New York’s local governments and schools. Recent cyberattacks, like the ransomware attack on the Syracuse City School District and Suffolk County, underscore the risks of inadequate cybersecurity measures. DiNapoli’s report offers guidance for local entities to mitigate these risks.
