Cyberattacks and data breaches are rising at an alarming pace. The threat landscape has expanded significantly, affecting the safety, privacy and economic stability of New Jersey residents and the organizations that serve them.
A phishing scam in November led to unauthorized access of a Princeton University database, potentially exposing personal information for more than 100,000 individuals, according to a class-action lawsuit. A breach of Conduent Business Services, a major payments contractor, in October 2024 affected state agencies and insurance providers.
The New Jersey Cybersecurity and Communications Integration Cell warns that attacks targeting public institutions, private organizations and residents will continue to grow in both volume and impact.

For Gov. Mikie Sherrill, strengthening the state’s cyber resilience and cybersecurity awareness should be at the top of her agenda. Recent trends reinforce the urgency: Worldwide, more than 12,000 breaches were disclosed in 139 countries, according to the 2025 Verizon Data Breach Investigations Report.
Employees remain the weakest link. The Mimecast State of Human Risk Report attributed 95% of data breaches in 2024 to human error, far surpassing vulnerabilities in technology itself.
This does not suggest that employees are incapable or careless; rather, it underscores the necessity of comprehensive training, strong policies and robust security technologies to reduce preventable risks. Employees are still the backbone of any strong cybersecurity ecosystem.
This is why cybersecurity awareness and education must become an essential cornerstone of New Jersey’s broader resilience strategy.
Inbox trouble
Phishing attacks and scams remain one of the most persistent and damaging cyber threats. These attacks trick individuals into clicking malicious links, downloading harmful attachments or revealing confidential information. Delivered primarily via email, phishing schemes rely on social engineering — manipulating human emotions and reactions to bypass technical safeguards.
The consequences are expensive and widespread. Businesses reported $2.9 billion in losses from phishing attacks in 2023, with an average $137,132 lost per incident, according to the FBI Internet Crime Complaint Center. A significant portion of these losses stemmed from business email compromise, one of the most financially devastating cybercrimes today.
Such attacks, which involve impersonating trusted individuals or institutions to induce unauthorized payments or the disclosure of sensitive data, have surged. Hoxhunt, a risk management company, reported that business email compromises accounted for 73% of cyber incidents in 2024. These schemes do not exploit hardware or software — they exploit people.

Social engineering remains effective because it manipulates human psychology. Attackers exploit trust, urgency, fear and curiosity. Common forms include email-based phishing, SMS-based “smishing” and voice phishing, or “vishing.”
Business email attacks represent more than half of all social engineering attempts, and approximately 70% of organizations have been targeted, according to the Vipre Security Group. Industries most frequently affected include manufacturing (27%), energy (23%), retail (10%), utilities (7%) and real estate (6%).
The scope of these attacks shows that no sector is immune and each must prioritize awareness training.
‘Team of people’
Apple Inc. co-founder Steve Jobs said, “Great things in business are never done by one person. They are done by a team of people.” This principle directly applies to cybersecurity. Protecting New Jersey’s digital assets requires collaboration across state agencies, private organizations and senior executives, not just IT professionals.
Cybersecurity awareness training is the foundation of this collaborative defense. Training empowers employees to recognize, respond to and report suspicious activity and to contribute to a security culture.
Organizations offering regular phishing awareness programs have reduced employee susceptibility by as much as 80%, according to CyberPilot. Training reinforces critical behaviors such as avoiding suspicious links, maintaining strong passwords and identifying red flags.
Well-trained employees become a proactive and resilient “human firewall,” forming the first line of defense against threats, according to “Behind the Screen: Understanding the Human Firewall in Cybersecurity,” from the University of Albany.
NJ call to action
As a longtime technologist, I know firsthand that New Jersey’s stability depends on prioritizing cybersecurity resilience and awareness.
Sherrill’s administration has an opportunity and an obligation to confront the growing threat landscape with urgency and intention. This begins with ensuring that cybersecurity awareness training is not optional but essential across state agencies and strongly encouraged throughout the private sector.
Employees cannot prevent or report threats they do not recognize. Purposeful, ongoing and accessible cybersecurity education is critical to ensuring that our workforce is prepared. The state should consider advancing baseline training standards, strengthening public-private partnerships and promoting statewide awareness campaigns that support a culture of cyber vigilance.
New Jersey deserves nothing less than a comprehensive, people-centered approach to cybersecurity. With decisive leadership and statewide collaboration, Sherrill can help ensure that New Jersey is not only forewarned, but also forearmed.
