BALTIMORE, MD—A new study says Maryland is among the top ten states for cyberattack risk.
Cyberattacks continue to rise across the United States, creating serious threats to both public and private organizations. The FBI’s Internet Crime Complaint Center (IC3) reported a record number of complaints in recent years, with millions of incidents reported over the past five years and a significant portion occurring in 2024 alone.
To better understand which regions face the greatest digital threats, Cherry Servers, a high-performance cloud and bare metal server provider specializing in dedicated infrastructure solutions, has conducted a comprehensive analysis ranking all 50 states based on their vulnerability to cyber threats.
Maryland’s Cyber Risk Score of 51.8 indicates severe exposure to digital threats. Factors include attack frequency, workforce shortages, and insufficient state-level cybersecurity funding.
“What surprised us most was the stark contrast in cyber vulnerability across different states,” said a spokesperson for Cherry Servers. “Some regions we’ve traditionally viewed as tech-forward are actually sitting ducks for attacks due to funding gaps and security blind spots. The data paints a concerning picture that should serve as a wake-up call.”
The study evaluated states using six key factors: attack frequency, financial losses, ransomware impact, workforce readiness, phishing exposure, and state-level cybersecurity funding. Each factor was weighted according to its significance and normalized to create a Cyber Risk Score ranging from 0-100, with higher scores indicating greater vulnerability.
Table 1: Top 10 States Most At Risk Of Cyberattacks
| Rank | States | Cyber Risk Score |
| 1 | Nevada | 70.00 |
| 2 | New Jersey | 59.53 |
| 3 | Arizona | 56.86 |
| 4 | Wisconsin | 56.28 |
| 5 | Illinois | 54.83 |
| 6 | California | 54.75 |
| 7 | Alaska | 54.24 |
| 8 | Texas | 53.74 |
| 9 | Michigan | 53.00 |
| 10 | Maryland | 51.80 |
Nevada’s Perfect Storm of Cyber Vulnerability
Nevada ranks as the most vulnerable state with a staggering Cyber Risk Score of 70.00, significantly higher than any other state. This heightened risk stems from Nevada having 310 reported cyberattacks per 100,000 residents – the second highest rate in the country.
Despite this alarming attack frequency, the state allocates only a moderate $113,578 in cybersecurity funding per capita. When attacks do occur, they’re particularly costly, with an average financial impact of $20,317 per incident.
Nevada’s tourism and gaming industries, which rely heavily on digital infrastructure, make it an appealing target for cybercriminals. The state’s cybersecurity workforce shortage is also concerning, with only enough workers to fill 77.05% of available positions – well below the national average.
New Jersey: High-Value Targets
New Jersey ranks second with a Cyber Risk Score of 59.53, largely due to having the highest average cost per cyber incident at $36,004 – nearly 80% higher than the national average. This indicates that when attacks succeed in New Jersey, they tend to target high-value assets or companies.
The state faces additional challenges with 26.80 ransomware attacks per 100,000 companies, placing significant pressure on businesses. Despite being home to numerous financial institutions and pharmaceutical companies, New Jersey only allocates relatively modest cybersecurity funding per capita at $53,882.
Arizona: Underprepared for Attack Volume
Arizona ranks third with a Cyber Risk Score of 56.86, driven primarily by its high attack frequency of 223 reported incidents per 100,000 residents. The state’s growing technology sector and retirement communities create a mix of high-value targets and potentially vulnerable users.
Arizona’s companies experience 24.70 ransomware attacks per 100,000 businesses, while the average cost per cyber incident stands at $19,558. The state’s cybersecurity workforce can only meet 82.21% of current demand, creating significant gaps in defense capabilities.
Table 2: Top 10 States Least At Risk Of Cyberattacks
| Rank | States | Cyber Risk Score |
| 1 | Vermont | 18.37 |
| 2 | Wyoming | 20.02 |
| 3 | West Virginia | 21.94 |
| 4 | Maine | 27.83 |
| 5 | South Dakota | 29.85 |
| 6 | North Dakota | 29.94 |
| 7 | Mississippi | 31.80 |
| 8 | Missouri | 32.12 |
| 9 | Arkansas | 32.48 |
| 10 | New Hampshire | 34.75 |
Vermont: Leading in Cyber Safety
Vermont ranks as the safest state with a remarkably low Cyber Risk Score of 18.37. This strong position is primarily due to the state’s substantial investment in cybersecurity, with $544,626 allocated per capita – nearly five times the national average. This generous funding helps offset Vermont’s moderate attack rate of 108 incidents per 100,000 residents.
The state also benefits from low ransomware activity, with just 7.60 attacks per 100,000 companies. While Vermont’s cybersecurity workforce can only fill 73.10% of available positions, the state’s smaller population and significant funding create effective protection despite this shortage.
Wyoming: Strategic Investment Pays Off
Wyoming ranks second safest with a Cyber Risk Score of 20.02. Like Vermont, Wyoming invests heavily in cybersecurity, with $566,873 allocated per capita – the highest in the nation. This substantial funding helps mitigate the state’s relatively high attack rate of 142 incidents per 100,000 residents.
Wyoming also benefits from strong workforce readiness, with enough cybersecurity professionals to fill 95.14% of available positions – well above the national average. The combination of generous funding and skilled personnel creates a robust defense posture despite Wyoming’s smaller population and geographic isolation.
West Virginia: Workforce Advantage
West Virginia ranks third safest with a Cyber Risk Score of 21.94. Uniquely, West Virginia is the only state with a cybersecurity workforce surplus, able to fill 101.22% of available positions. This advantage, combined with low ransomware activity (9.70 attacks per 100,000 companies) and the lowest average cost per incident ($9,068), creates a strong security position.
The state also benefits from relatively low phishing susceptibility, with only 3.31 victims per 100,000 residents – suggesting effective public awareness and education programs.
Key Trends Revealed in the Data
Several important patterns emerge from this analysis. First, population density doesn’t necessarily correlate with cyber risk – Nevada ranks highest despite having a smaller population than many states lower on the list. Instead, factors like industry concentration, digital dependency, and security investment play more significant roles.
Second, states with substantial technology sectors don’t automatically face higher risks. California, despite being home to Silicon Valley, ranks sixth, while tech-heavy states like Washington and Massachusetts don’t appear in the top ten most vulnerable list at all. This suggests that technological sophistication can sometimes provide better defense capabilities.
Finally, there’s a clear connection between cybersecurity funding and risk levels. The five safest states all allocate over $239,000 per capita to cybersecurity initiatives, while none of the ten most vulnerable states match that level of investment.
Photo via Pixabay
Do you value local journalism? Support NottinghamMD.com today.
