Several state agencies, boards, commissions and universities are allegedly failing to adhere to state cybersecurity laws, leaving Mississippians’ personal data vulnerable to hackers.

According to survey results published in a report from the Mississippi Office of State Auditor Shad White, many state entities are operating like state and federal cybersecurity laws do not apply to them, says the press release. As required by state law, the Auditor’s office sent a cybersecurity survey to 125 state agencies, boards, commissions and universities. Only 71 state entities responded to the survey, and several respondents did not complete it. This leaves the status of cybersecurity in more than 50 state entities completely unknown.

Among the government offices that replied to the survey, the report shows at least 11 do not have adequate written procedures to prevent or recover from a cyber attack. Another 22 respondents have not executed a third-party risk assessment. Having a third party test the vulnerability of an agency’s server is a requirement under state law, says the press release. Further, 38 percent of all respondents indicate sensitive information like health information, tax data and student information is not being encrypted to protect it from hackers.

In short, the survey found over half of all respondents are less than 75 percent compliant with state cybersecurity laws.

“This survey represents some excellent but alarming work by the data services division in the auditor’s office,” said Auditor Shad White. “October is cybersecurity awareness month, and we should start this month by acknowledging the very real weaknesses in our state government system. I personally have seen screenshots of other states’ private data on the dark web, and we do not need Mississippians’ personal information leaking out in the same way. The time to act to prevent hacking is now.”

The full report can be found here.