SecurityScorecard’s annual U.S. State and Federal Government Cybersecurity Report paints a very grim picture of the government’s cyber health status.
The study paints a grim picture of the overall cyber health of the nation's government entities. In the midst of investigations into a potential 2016 election hacking, regular major malware events, and an overall increase in the number of sophisticated cyberattacks, the report highlights that the government sector is lagging compared to almost every other industry. However, there are some standout performers that have demonstrated superior cybersecurity capabilities.
SecurityScorecard analyzed more than 500 federal, state, and local government agencies in the United States, compared this group to 17 other expansive industries, and evaluated this group's security capabilities across 10 categories. Key findings from the report include:
- Government organizations were ranked third from last (16th) in overall cybersecurity, even when compared to heavily-regulated industries like transportation, finance, energy, and healthcare.
- Government organizations fell significantly short in Network Security (13th), Application Security (11th), Leaked Credentials (12th), Patching Cadence (16th), Endpoint Security (17th), IP Reputation (16th), and Hacker Chatter (18th).
- Government organizations performed above the cross-industry average in three categories: DNS Health (2nd), Social Engineering (3rd), and Cubit Score (2nd).
"Since our last report in 2016, U.S. state and federal government cybersecurity issues have gained national attention," said Sam Kassoumeh, COO and co-founder at SecurityScorecard. "On an almost daily basis, the institutions that underpin the nation's election system, military, finances, emergency response, transportation, and many more, are under constant attack from nation-states, criminal organizations, and hacktivists. Government agencies provide mission-critical services that, until they are compromised, most people take for granted. This report is designed to educate elected officials, agency leadership, as well as government security professionals about the state of security in the government sector."