Which state is most concerned about cybersecurity?

data breach notification law by stateAs President Obama proposes a new federal data breach notification law to simplify the current patchwork of state data breach notification laws, we decided to take a deeper look into which states are most concerned about cybersecurity.

Recent high-profile data breaches affecting the likes of Home Depot, Target, and JPMorgan Chase have shone the spotlight on how companies handle sensitive information. But in some states, people are more cautious than others.

According to Google’s Keyword Planner, which monitors the number of monthly web searches in different parts of the world, and the state population per thousand, Americans in Wyoming, Montana and Iowa search most frequently for the term ‘cyber security’ according to their population by size.. Meanwhile, those least concerned by cybersecurity can be found in Rhode Island, Virginia and Maryland*.


‘Cyber Security’ searches in Google.com per 1,000 of population

Wyoming  58
Montana  51
Iowa 44
Mississippi 42
Arkansas 42
Louisiana 42
Wisconsin 41
Kentucky 40
North Dakota 36
Alaska 33
Maine 32
 Utah 31
Idaho 31

It’s hard to say what drives these results – you might expect higher results from California courtesy of its Silicon Valley, Maryland due to its proximity to Washington and political awareness, or even Virginia because it’s the home of the CIA. Or maybe those states just prefer Bing.

Cybersecurity and ISO 27001

We also looked at the same 50 states to determine the number of Google.com searches for the term ‘ISO 27001’ – the best-practice standard that sets out the requirements of an information security management system (ISMS).

The graph below shows our findings:

Correlation between cyber security and iso27001 searchesLMS = Local monthly searches

There is a general upward trend, indicating that states that recognize the importance of cybersecurity are also more aware of ISO 27001.  This suggests that Americans are referring to the Standard as a means of becoming cyber secure.

Getting cyber secure

Until the Personal Data Notification and Protection Act is enacted, organizations across the US must comply with the state data breach notification laws relevant to where they operate.

The best way to do this is to implement and maintain an information security management system (ISMS), as laid out in the international information security management standard, ISO 27001.

ISO 27001 presents a comprehensive and logical approach to developing, implementing, and managing an ISMS, and provides associated guidance for conducting risk assessments and applying the necessary risk treatments.

IT Governance is a specialist in the field of cybersecurity and has led hundreds of successful certifications to ISO 27001 around the world.

Our ISO 27001 packaged solutions give US organizations online access to world-class expertise. Each fixed-priced solution is a combination of products and services that will enable you to implement ISO 27001 at a speed and for a budget appropriate to your individual needs.

ISO 27001 Packaged Solutions


*It’s important to note that:

  • Figures do not include data from other search engines, like Bing, Yahoo, etc.
  • Only the term ‘cyber security’ was analyzed as it is a broad term that is widely known and popular within the industry.