Two-thirds of federal IT executives in a new survey say their agencies are moderately-to-highly prepared to withstand a cyberattack and continue to function. But a number of gaps in cybersecurity resilience remain.
Nearly 7 in 10 federal civilian agency IT leaders — and more than half (55 percent) of their defense and intelligence agency counterparts — say their agencies aren’t keeping pace with evolving threats, according to the study.
Though 2 in 3 respondents report their agency “has sufficient tools to identify cyberthreats,” well over half still say their agencies “don’t have all the tools and resources they need in place to respond to cyberthreats,” according to the new study, released by CyberScoop and FedScoop, and underwritten by RedSeal.
The study found about roughly two-thirds of IT officials surveyed say their agency can detect — and more than half say they can respond to — cybersecurity incidents within 12 hours. But tracking “incidents” may belie deeper threats lurking in networks, observed Wayne Lloyd, federal chief technology officer at RedSeal.
The study explored how resilient federal agencies are at withstanding cyberattacks, what tools and activities they rely on most to respond to identify and respond to attacks, and the top investment priorities and concerns of agency officials.
Executives are investing most heavily now in data and network protection tools and threat intelligence, but “they still need help overcoming a talent shortage of cybersecurity professionals,” said Wyatt Kash, SVP of Content Strategy at Scoop News Group, which publishes CyberScoop and FedScoop.
The findings are based on responses from more than 100 prequalified federal agency government IT, cybersecurity and mission, business or program executives. All respondents are involved either in identifying IT and network security requirements, evaluating or deciding on solutions and contractors, allocating budgets, or implementing or maintaining cybersecurity solutions. The study was completed in the first quarter of 2018.
Download the report, “Closing the gaps in cybersecurity resilience at U.S. Government agencies,” for detailed findings and guidance on how prepared agencies are to continue operating during an attack.