New York lost $775M in cyberattacks on critical infrastructure in 2022, report says

New York had the third highest number of ransomware attacks and corporate data breaches in 2022, behind California and Texas.
The George Washington Bridge
The George Washington Bridge in Midtown Manhattan, New York, New York. (Getty Images)

Cyberattacks on New York’s critical infrastructure are on the rise, according to a report the state comptroller’s office released last week. The state experienced more than 25,000 cyberattacks in 2022, up 53% from 16,400 incidents in 2016, costing the state in excess of $775 million. 

Critical infrastructure attacks involve systems and assets that are vital for the functioning of society, the economy and national security, the report said.

“Cyberattacks are a serious threat to New York’s critical infrastructure, economy and our everyday lives,” DiNapoli said in a statement to the Times Union. “Data breaches at companies and institutions that collect large amounts of personal information expose New Yorkers to potential invasions of privacy, identity theft and fraud.”

Attacks against critical infrastructure in New York last year included nine incidents in health care and public health, eight incidents in financial services and seven incidents in both commercial and government facilities.


“Even more troubling are incidents such as ransomware or distributed denial of service attacks that have the potential to shut down systems that we rely on for water, power, health care and other necessities,” DiNapoli said in the report.

Relative to other states, New York had the third highest number of ransomware attacks and corporate data breaches in 2022, trailing only California and Texas for ransomware attacks and California and Florida for corporate data breaches. 

The report identified several weaknesses in New York’s cybersecurity, including the use of unsupported applications, unknown data on systems, poor access controls and a lack of monitoring system changes.

To reduce the severity and frequency of cyberattacks in the state, the comptroller’s office recommended stronger cybersecurity awareness training and establishing contingency plans in the likelihood of future incidents.

“As technologies become more advanced, those who seek to exploit technological vulnerabilities also evolve. Protecting against this threat requires committing to a path of constant innovation to proactively protect and remain ahead of the curve,” the report said. 

Sophia Fox-Sowell

Written by Sophia Fox-Sowell

Sophia Fox-Sowell reports on artificial intelligence, cybersecurity and government regulation for StateScoop. She was previously a multimedia producer for CNET, where her coverage focused on private sector innovation in food production, climate change and space through podcasts and video content. She earned her bachelor’s in anthropology at Wagner College and master’s in media innovation from Northeastern University.

Latest Podcasts