SecurityScorecard released its annual U.S. State and Federal Government Cybersecurity Report, which paints a grim picture of the overall cyber health of the nation’s government entities.
Industry ranking by social engineering
In the midst of investigations into a potential 2016 election hacking, regular major malware events, and an overall increase in the number of sophisticated cyberattacks, the report highlights that the government sector is lagging compared to almost every other industry. However, there are some standout performers that have demonstrated superior cybersecurity capabilities.
SecurityScorecard analyzed more than 500 federal, state, and local government agencies in the United States, compared this group to 17 other expansive industries, and evaluated this group’s security capabilities across 10 categories.
Key findings from the report include:
- Government organizations were ranked third from last (16th) in overall cybersecurity, even when compared to heavily-regulated industries like transportation, finance, energy, and healthcare.
- Government organizations fell significantly short in Network Security (13th), Application Security (11th), Leaked Credentials (12th), Patching Cadence (16th), Endpoint Security (17th), IP Reputation (16th), and Hacker Chatter (18th).
- Government organizations performed above the cross-industry average in three categories: DNS Health (2nd), Social Engineering (3rd), and Cubit Score (2nd).
Industry ranking by endpoint security
“Since our last report in 2016, U.S. state and federal government cybersecurity issues have gained national attention,” said Sam Kassoumeh, COO at SecurityScorecard. “On an almost daily basis, the institutions that underpin the nation’s election system, military, finances, emergency response, transportation, and many more, are under constant attack from nation-states, criminal organizations, and hacktivists. Government agencies provide mission-critical services that, until they are compromised, most people take for granted.”