The State of Cyber

This article is an excerpt from GovLoop’s recent guide,”How to Play Your Role in Cybersecurity.” Download the full guide here

The 2018 “Enhancing the Resilience of the Internet and Communications Ecosystem” report to the president clearly states:

“To enhance the resilience of the Internet and communications ecosystem against distributed threats, all stakeholders must recognize and be prepared to execute their roles and responsibilities.”

Cybersecurity is not a strategy to be executed in the back offices of agency IT departments. While technology and security professionals continue to play a leading role in securing government information, cybersecurity depends on every agency employee today. The escalation of cyberattacks, both in volume and sophistication, makes it imperative that every public servant has an eye on security.

Frontline employees must secure their devices, follow cyber hygiene protocols and help identify potential insider threats in real time. Procurement professionals must ensure that everyone has the right technology and that it’s easy to secure from the time of deployment. Agency leaders must create and enforce robust cyber policies that tackle threats holistically, coordinating across technological, organizational and cultural aspects.

Here are a few statistics that highlight the state of cybersecurity in government.

Risks and Attacks

State and Local:

FY 2016 Agency-reported incidents by attack vector:

  • Other 11,802
  • Equipment loss or theft 5,690
  • Web-based attack 4,868
  • Improper usage 4,130
  • Email/phishing 3,292
  • Impersonations/spoofing 64

Prevalence of cyberthreats across state governments:

  • Phishing, pharming and other related variants 47%
  • Social engineering 42%
  • Ransomware 29%
  • Increasing sophistications and proliferation of threats (e.g., viruses, worms and malware) 14%
  • Exploits of vulnerabilities from unsecured code 8%


Strategies and Funding

State and Local: 

Cybersecurity incident/data breach reporting and handling:

  • Established and funded 43%
  • Not in place 32%
  • Established, not funded 21%
  • In progress 4%

Top cybersecurity initiatives for 2016:

  • Training and awareness 39%
  • Monitoring/security operations centers 37%
  • Strategy 29%
  • Governance 29%


Cybersecurity is a journey during which strategies must change along with on-the-ground dynamics and escalating risks. To ensure that your agency is maintaining the most effective, organization wide cybersecurity strategy, make sure your employees — from the frontline analyst to the highest-ranking executive — are involved in the process of cybersecurity.

Leave a Comment

Leave a comment

Leave a Reply