Seventy-seven percent of federal cybersecurity leaders say their agency is focused on compliance over long-term cyber resilience — and they have insights as to how their focuses can shift to better protect their organizations.
A study from MeriTalk, underwritten by Leidos, asked 150 federal cybersecurity leaders across civilian and Department of Defense agencies about the May 2021 cybersecurity executive order and how cyber leaders can best prepare for future threats.
The "Beyond the Cyber EO: How to Build a Better Mousetrap" report found that while the executive order brings cybersecurity issues to the forefront, federal cyber leaders need to shift gears to make real progress.
As threats evolve, 77% agree their agency needs to better understand the attackers’ perspective to build a more proactive defense. Sixty-three percent say they currently utilize offensive tactics in their cybersecurity efforts — but do not feel their offensive security is very effective.
The biggest design flaws in today’s federal cybersecurity strategies, according to respondents, are compliance-based security (41%), cyber skills gap (37%), ineffective information sharing (35%), lack of senior management or executive-level support (35%) and lack of cyber culture (35%).
Regarding the executive order, 78% of leaders agree the order's biggest benefit is its elevation of cybersecurity to the top levels of government agencies. At the same time, 81% agree agencies must move beyond compliance to a more modern, agile and effective cybersecurity model.
Over the next five years, the most important steps for agencies, according to study responses, are:
- Instilling a stronger culture of cybersecurity throughout the agency (41%)
- Improving the ability to track/understand what’s going on in their environment (37%)
- Maturing artificial intelligence/machine learning applications (37%)
- Increasing use of automation (37%)
- Prioritizing pilot efforts/security innovation (37%)