Florida Cyber Threat Landscape: Current Risks and Trends

Florida occupies a distinct position in the national cybersecurity threat environment — a large, economically diverse state with major exposure points across tourism, healthcare, financial services, critical infrastructure, and government operations. This page maps the active threat categories, documented attack vectors, and structural risk factors that define the Florida cyber threat landscape. It draws on federal and state regulatory frameworks, published incident data, and sector-specific vulnerability profiles to describe how threats manifest and where risk concentrates.

Definition and scope

The Florida cyber threat landscape encompasses the full range of malicious digital activity targeting entities that operate under Florida jurisdiction — state and local government agencies, private-sector businesses, nonprofit organizations, educational institutions, and individuals residing in or transacting with Florida-based systems.

Threat landscape analysis, as structured by the Cybersecurity and Infrastructure Security Agency (CISA), segments threats along three axes: threat actors (nation-state, cybercriminal, insider, hacktivist), attack vectors (phishing, ransomware, supply chain compromise, credential theft), and target sectors (critical infrastructure, healthcare, finance, education). Florida's threat profile intersects all three axes with above-average density.

Scope and coverage note: This page addresses threats as they apply to Florida-based entities under Florida law and federal frameworks applicable within the state. It does not address the cybersecurity posture of federal agencies operating in Florida (which fall under federal authority exclusively), nor does it cover cybercrime originating from Florida but targeting out-of-state entities (which falls under federal jurisdiction through statutes such as the Computer Fraud and Abuse Act, 18 U.S.C. § 1030). For a broader orientation to how Florida fits into the national cybersecurity structure, the /index of this reference network provides entry points across the full sector.

How it works

Cyber threats operate through a structured kill chain. The MITRE ATT&CK framework, a publicly maintained knowledge base of adversary tactics and techniques, provides the dominant taxonomy used by Florida government agencies and private-sector security teams alike. Threat actors progress through recognizable phases:

  1. Reconnaissance — Passive or active collection of information about target systems, personnel, and network architecture.
  2. Initial Access — Entry through phishing emails, exploitation of public-facing applications, or abuse of valid credentials. Phishing remains the leading initial access vector documented in Florida incident reports, in line with FBI Internet Crime Complaint Center (IC3) annual data, in which Florida consistently ranks among the top five states by reported cybercrime losses.
  3. Execution and Persistence — Malware deployment, backdoor installation, or scheduled task manipulation to maintain a foothold.
  4. Lateral Movement — Traversal across internal networks to reach higher-value targets, often exploiting weak segmentation in legacy systems common in Florida municipal environments.
  5. Exfiltration or Impact — Data theft, ransomware encryption, or operational disruption. Ransomware specifically has disabled Florida municipal systems, water utilities, and school district networks in documented incidents reviewed by the Florida Department of Management Services (DMS).

Florida's regulatory context for cybersecurity includes Florida Statutes Chapter 282, which governs state agency information technology security, and the Florida Information Protection Act (FIPA), codified at Florida Statutes § 501.171, which sets breach notification obligations. Both statutes shape how incident detection and response are structured across covered entities.

Common scenarios

Four attack scenarios account for the majority of documented threat activity affecting Florida entities.

Ransomware against government and education targets. Florida municipalities and school districts represent high-value, under-resourced targets. Ransomware actors exploit unpatched systems and inadequate backup architecture. The /florida-ransomware-threats reference covers documented Florida ransomware incidents and sector-specific exposure in detail.

Business email compromise (BEC) and real estate wire fraud. Florida's high-volume real estate market creates sustained BEC exposure. The FBI IC3 reported that real estate-related BEC losses in the United States exceeded $446 million in 2022 (FBI IC3 2022 Internet Crime Report). Florida, as one of the top real estate transaction states by volume, absorbs a disproportionate share of that exposure. The /florida-real-estate-wire-fraud-cybersecurity reference details the specific workflow vulnerabilities exploited.

Healthcare data exfiltration. Florida's large healthcare sector — including major hospital networks, insurance providers, and a substantial Medicare/Medicaid population — makes it a persistent target for health record theft. HIPAA breach data published by the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) documents Florida healthcare entities among the most frequently reported breach sources nationally. The /florida-healthcare-cybersecurity reference addresses HIPAA obligations and sector-specific threat patterns.

Social engineering and phishing targeting financial accounts. Florida's large retirement-age population and active financial services sector create concentrated phishing risk. Spear-phishing campaigns targeting Florida financial institutions and their customers exploit trust in branded communications. The /florida-social-engineering-phishing-threats reference maps the specific phishing taxonomies active in the state.

Decision boundaries

Not every cybersecurity incident in Florida triggers the same regulatory or operational response. Four classification questions govern how incidents are categorized and escalated:

State agency vs. private sector. Florida Statutes Chapter 282 and the Florida Digital Service mandate apply to state agencies. Private entities are governed by FIPA, federal sector-specific regulations (HIPAA, GLBA, FERPA), and applicable FTC standards. The obligations, timelines, and reporting chains differ materially.

Data breach vs. operational disruption. A ransomware attack that encrypts data without confirmed exfiltration may not trigger FIPA notification under § 501.171, which requires notification only when personal information is "accessed" by an unauthorized person. An attack with confirmed exfiltration triggers a 30-day notification clock under FIPA. This distinction drives incident classification decisions.

Critical infrastructure vs. commercial entity. CISA's 16 critical infrastructure sectors include entities operating in Florida — energy, water, transportation, healthcare, and financial services. Critical infrastructure operators face additional federal reporting obligations under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), separate from state law requirements.

Incident scope: in-state vs. federal jurisdiction. Cybercrime investigations in Florida involve the Florida Department of Law Enforcement (FDLE) for state-level offenses and FBI field offices (Miami, Tampa, Jacksonville, Orlando) for federal offenses under 18 U.S.C. § 1030. Jurisdictional boundaries determine which law enforcement body leads, which directly affects evidence handling and prosecution pathways.

Understanding where a given incident falls across these four boundaries determines the appropriate regulatory notification path, law enforcement engagement, and public disclosure requirements — all of which carry distinct deadlines and consequences under Florida and federal law.
