This Is the State Most At-Risk of Cybercrime, According to New Data

Updated: Apr. 26, 2023

The top state will likely surprise you, and it turns out that where you live may put you at increased cybersecurity risk.

Cybercrimes have been consistently rising, and the Federal Trade Commission (FTC) reported that reported fraud losses were up a whopping 30% in 2022 over 2021, costing consumers $8.8 billion. The increase from 2020 to 2021 was 18%. Cybercrime knows no physical boundaries, but some states are hit harder than others. The top state will likely surprise you, and it turns out that where you live may put you at increased cybersecurity risk.

Knowledge is power here, and you can take advice from cybersecurity experts that will improve your online security, which includes educating yourself on the signs you’re about to be hacked.

Which states have the highest levels of cybercrime?

A Gloved Hand inserts key with asterisks into keyhole, cyber crime conceptBoris Zhitkov/Getty Images

According to the experts at, a security compliance automation platform provider which analyzed the most recent data from The Internet Crime Complaint Center (IC3) in the United States, South Dakota is the state most at risk of cybercrime, with an average loss of $59,960 per fraud complaint. The crimes most reported are non-payment/non-delivery, extortion, personal data breach and social media.

Coming in second, Alabama residents show an average loss of $57,477 per complaint. “The most frequent types of cybercrime are non-payment/non-delivery, personal data breach, credit card fraud, identity theft and social media,” says a spokesperson from

New York ranks third, with an average loss of $32,040 per complaint. experts say “the most frequent types of cybercrime in New York are non-payment/non-delivery, identity theft, personal data breach and social media.”

Looking at South Dakota on a map—and considering the low population—you may wonder what makes this remote state without any major metropolitan areas such a hotbed for cybercrime.

“When you dig a little deeper, you quickly realize there’s a very good reason for the troubling stat: South Dakota is a banking juggernaut, with over $3.3 trillion in banking assets—nearly 20% of all the banking assets in the entire United States,” explains Monica Eaton, who deals with the financial consequences of scams and data theft as the founder of Chargebacks911, a company that helps consumers reverse charges to their debit or credit cards after fraud. “And furthermore, over 3,000 South Dakotans are directly employed by the banks,” Eaton says. “So, if you were a cybercriminal who focused on financial crimes, there’d be an excellent reason to focus on South Dakota: That’s where the money is!”

“Alabama is a rural state with a heavy military population and defense industry, and for certain cybercriminals—and certain fraud schemes—these demographics are appealing,” Eaton explains. “Cybercriminals tend to cluster in regions and industries that provide the easiest path to someone else’s money, and these clusters can leave a geographic footprint.”

Which states have the least cybercrime?

The states least impacted by cybercrimes are North Dakota, with $8.6 million in losses and 588 complaints; Wyoming, with $10.7 million in losses and 716 complaints; Alaska, with $13.5 million losses and 1,307 complaints; and West Virginia, with $13.1 million in losses and 1,505 complaints.

Remember, though, that these states ranking low in cybercrimes are relative to population. Wyoming, for example, has 123 complaints per 100,000 residents and South Dakota, which ranks first, has 86 complaints per 100,000 residents.

How to protect yourself against cybercrime

A Hand In A Black Leather Glove Holding An Access key reaches through computer screen to steal personal data conceptNadia_Bormotova/Getty Images

“Irrespective of which state one belongs to, when it comes to technology and data security, people (businesses included) should think about it in the context of risk management,” a spokesperson advises.

Rebecca Moody, head of data research at Comparitech, says they track internet privacy legislation by state to see where citizens’ online data is most (and least) protected. “We score states based on 25 key criteria to give them a score out of 100%,” Moody says. The worst-scoring states are Idaho at 6% (1.5/25), Pennsylvania and Mississippi at 8% (2/25), and South Dakota and Iowa at 10% (2.5/25).

“None of these states have comprehensive data privacy laws and none protect IoT data, biometric data, geolocation data, employee data, minors’ data, e-reader privacy or the use of AI,” Moody says. “Only South Dakota offers some protection to genetic data when it comes to the use for insurance purposes and internet service providers (ISPs) are able to share customer data without explicit consent and law enforcement has unwarranted access to service provider data on users.”

Moody further points out that “All of them have failed to introduce laws on data disposal, electronic monitoring by employers, social media monitoring by employers and educational institutions, and to govern data brokers.”

Whether it’s knowing how to spot a fake QR code, protecting yourself from Amazon email scams or gift card scams or brushing up on the latest phishing and romance scams, there’s a lot you can do to protect yourself with diligence, and monitoring accounts is at the top of the list.