State of Cybersecurity in Local, State & Federal Government

New study looks at the challenges in keeping agencies secure from attacks and threats.

Download the full research report.

The State of Cybersecurity in Local, State and Federal Government study, sponsored by Hewlett Packard Enterprise, was conducted by Ponemon Institute to learn the challenges IT and IT security practitioners face in keeping various government agencies secure from attacks and threats. Similar to the private sector, government is the target of cybercriminals and nation-state attackers. The recent Office of Personnel Management (OPM) security breach is an example.

We surveyed 443 IT and IT security practitioners in the federal government and 402 IT and IT security practitioners in local and state governments who are familiar with their organization’s ability to defend against cybersecurity attacks and have some level of responsibility in directing cybersecurity activities.

A lack of skilled personnel is a challenge at both federal and state and local organizations. However, the challenge is more severe at the state and local level (62 percent say this is a major challenge). At the federal level, 53 percent of respondents say not having the necessary expertise is a disadvantage.

Both groups see lack of budgetary resources as an issue. State and local respondents say they are not as involved as they should be in sharing of threat intelligence. Federal respondents say it is dealing with organizational politics that keeps them from achieving a strong cybersecurity posture within their organizations.

Top security threats differ between federal and state and local organizations. The primary security threat facing federal organizations is the negligent insider, followed by the zero-day attack and third-party or contractor mistakes. State and local agencies say it is the failure to patch known vulnerabilities, negligent insiders and zero-day attacks. Federal respondents are far more concerned about nation-state attackers (30 percent) versus state and local respondents (16 percent).

State and local governments are not prepared to deal with cybersecurity threats. In many cases, the federal government has a much stronger cybersecurity posture than state and local governments. In fact, 60 percent of respondents describe the maturity level of their organization’s cybersecurity program or activities as mature, but only 38 percent of state and local respondents say their agencies have achieved that level of maturity in their cybersecurity initiatives.

The research also reveals the following four areas where the federal government is outpacing state and local agencies:

  1. Ability to recover. Fifty-five percent of federal respondents rate their ability to recover from a cyber attack as very high. In contrast, only 28 percent of state and local respondents say their ability is very high.
  2. Ability to prevent. Forty-one percent of federal respondents rate their ability to prevent a cyber attack as very high. In contrast, only 19 percent of state and local respondents rate the ability as very high.
  3. Ability to quickly detect. Forty-six percent of federal respondents rate their ability to quickly detect a cyber attack as very high and 32 percent of state and local agencies are confident they would detect an attack.
  4. Ability to contain. Fifty-two percent of federal respondents say they rate their organization’s ability to contain a cyber attack as very high and 38 percent of respondents are very confident in being able to contain an attack.