The United States Government Accountability Office (GAO) says it found 23 federal agencies lack proper cybersecurity measures to address oncoming challenges for the 2020 Presidential Election in a new report. 

Although the 23 federal agencies GAO reviewed almost always designated a risk executive, they often did not fully incorporate other key practices in their programs: 

• Twenty-two agencies established the role of cybersecurity risk executive, to provide agency-wide management and oversight of risk management.
• Sixteen agencies have not fully established a cybersecurity risk management strategy to delineate the boundaries for risk-based decisions.
• Seventeen agencies have not fully established agency- and system-level policies for assessing, responding to, and monitoring risk.
• Eleven agencies have not fully established a process for assessing agencywide cybersecurity risks based on an aggregation of system-level risks.
• Thirteen agencies have not fully established a process for coordinating between their cybersecurity and ERM programs for managing all major risks. 

Additionally, agencies face challenges with:

• Hiring and retaining key cybersecurity management personnel
• Managing competing priorities between operations and cybersecurity
• Establishing and implementing consistent policies and procedures
• Establishing and implementing standardized technology capabilities
• Receiving quality risk data
• Using federal cybersecurity risk management guidance
• Developing an agency-wide risk management strategy
• Incorporating cyber risks into enterprise risk management 

To read the full report, click here.