The public sector experienced nearly 50 times more cyber incidents than any other industry in 2014, and government agencies consistently cite devising robust, agile cybersecurity initiatives as a top priority. As threats continue to evolve in both scale and capacity, it is increasingly essential that organizations implement measures to continuously detect, monitor, and address both external and internal vulnerabilities.
In an effort to learn more about the perspective of public sector employees on cybersecurity, Government Business Council conducted a flash poll on the following question:
GBC received responses from 160 federal, state, and local government employees. Nearly 90% stated that they were concerned or very concerned about the impact of cyber attacks; only 5% were not very concerned or not at all concerned about potential breaches. The results also reveal cybersecurity to be a more pressing concern for state and local organizations than for their federal counterparts: 96% of state and local respondents were concerned or very concerned about breaches, a 13-point difference from the percentage of federal employees expressing a similar level of concern.
Lack of resources might make cybersecurity a more pressing issue for state organizations -- according to a 2015 survey of state CIOs, 64% cited insufficient funding as a major barrier against addressing cyber threats, and 62% cited inadequate availability of security professionals. There is also a disconnect between perception of state cybersecurity capabilities and reality: while 60% of state officials had a high level of confidence in the ability of states to defend against attacks, only a quarter of state CISOs responded likewise.
Moving forward, state and federal agencies should continue to invest in developing a cohesive cybersecurity strategy, recruiting and retaining personnel with the relevant skill set, and sharing threat information and best practices across organization. As federal CIO Tony Scott puts it, “Cyber threats cannot be eliminated entirely, but they can be managed much more effectively. And we can best do this by aligning and focusing our efforts, by properly funding necessary cyber investments, by building strong partnerships across government and industry, and by drawing on the best ideas and talent from across the country to tackle this quintessential problem of the 21st century.” GBC will revisit this topic in future research posts.