A new report analyzes the threats and vulnerabilities to small and mid-market businesses within the country’s 50 largest cities.

For the second year in a row, Las Vegas was identified as the nation’s most cyber insecure metro, followed by Houston and New York City. In addition, Salt Lake City, St. Louis and Seattle-Tacoma ranked as the least vulnerable cities to cyberattack. Cybersecurity in the City: Where Small Businesses Are Most Vulnerable to Attack, is the first report issued by Coronet since it revealed America’s most cyber insecure airports in the summer of 2018.

To generate the report, Coronet collected and analyzed data from:

  • One million endpoints spanning all operating systems
  • 24 million networks (public and private)
  • 320,000 SaaS accounts (Dropbox, Box, Slack and Salesforce)
  • 270,000 Gmail and Office 365 email accounts

The data, which was collected and analyzed over the previous 12 months, originated from more than 93 million security events that were automatically mitigated by Coronet. In total, each event represented vulnerabilities that could be exploited by adversaries to gain access to cloud data, steal data or damage it.

America’s Top 10 Most Insecure Metros
1. Las Vegas
2. Houston
3. New York City
4. Miami-Fort Lauderdale
5. Harrisburg-Lancaster
6. West Palm Beach-Ft. Pierce
7. Hartford-New Haven
8. Birmingham
9. Indianapolis
10. Sacramento-Stockton

America’s Top 10 Least Vulnerable Metros
1. Salt Lake City
2. St. Louis
3. Seattle-Tacoma
4. Austin
5. Albuquerque-Santa Fe
6. Phoenix
7. Oklahoma City
8. Cincinnati
9. Columbus (OH)
10. Cleveland-Akron

“The intent of this report is to demonstrate that each city possesses unique attributes which make them more or less vulnerable in terms of cyber risks,” said Guy Moskowitz, founder & CEO, Coronet. “It’s not surprising that business destinations like Las Vegas and New York are relatively more vulnerable given the density and attractiveness to attackers. Increasingly, small and midsized businesses are being targeted by criminals who see them as easier strike targets. It’s our hope that this research will help demonstrate the risks present in different markets and encourage small businesses to take a more proactive stance towards improving their cybersecurity posture.”

Coronet aggregated and evaluated data on potential damages that could be caused by attackers and existing vulnerabilities in the 50 largest DMAs, which together account for almost 70 percent of the entire U.S. population. For each DMA, Coronet combined and standardized a device vulnerability score with an infrastructure vulnerability score to obtain an overall Threat Index score.

To calculate the infrastructure score, Coronet scanned Wi-Fi and cellular networks for attackers and vulnerabilities. Based on its proprietary algorithms, attackers were then identified and ranked on their potential to cause damage. Networks and nodes were also evaluated for vulnerabilities and misconfigurations that are susceptible to data leaks, phishing and other attack scenarios. For device scoring, Coronet conducted a detailed security posture evaluation on more than one million devices in order to detect malicious activity, the number of infected devices, device vulnerabilities and the integrity of connected operating systems. In addition to network and device vulnerabilities, the final Threat Index score takes into account the risk data collected from over 270,000 email accounts and 320,000 SaaS accounts such as Dropbox, Box, Salesforce, Slack and others.