U.S. Government Ranks Last Among Major Industries in Cybersecurity
Friday, April 15th, 2016
SecurityScorecard, the most accurate benchmark of cybersecurity risk across the entire business ecosystem, released its 2016 Government Cybersecurity Report - a comprehensive analysis that exposes alarming cybersecurity vulnerabilities across 600 local, state, and federal government organizations in the United States. The conclusions and rankings featured in the report are based on data derived from SecurityScorecard's patented security rating platform.
Among the report's findings are the following observations:
- Across all industries surveyed by SecurityScorecard, including Transportation, Retail, Healthcare and more, U.S. government organizations received the lowest security scores. SecurityScorecard tracked 35 data breaches among all U.S. government organizations between April 2015 and April 2016.
- Low-performing U.S. government organizations struggled the most with three categories of security measurements: Malware Infections, Network Security, and Software Patching Cadence.
- Within state organizations with a SecurityScorecard grade below a 'B,' 90 percent of them scored an 'F' in Software Patching Cadence and 80 percent scored an 'F' in Network Security.
- Among local organizations, 60 percent of low performers received an 'F' in Network Security, 50 percent received an 'F' in Software Patching Cadence, and 30 percent received an 'F' in IP Reputation (Malware).
- NASA received the worst score among all 600 U.S. government organizations. Other bottom-performers include the US Department of State, and the IT systems of Connecticut, Pennsylvania, and Washington.
Each U.S. government organization was evaluated based on its overall security hygiene and security reaction time compared to its industry peers. SecurityScorecard also analyzed the specific scores of NASA, the FBI, and the IRS, all of which fell victim to data breaches in early 2016.
"With serious data breaches making headlines on what seems like a weekly basis, our team felt compelled to turn a spotlight on government agencies and determine which of them are demonstrating a commitment to securing their infrastructure and which are falling short," said Dr. Luis Vargas, Sr. Data Scientist at SecurityScorecard. "The data we uncovered clearly indicates that while some are improving their security postures, too many are leaving themselves dangerously exposed to risks and vulnerabilities, especially at the larger federal level."
The 2016 Government Cybersecurity Report identifies major U.S. government data breaches between April 2015 and April 2016. The report also features a competitive analysis that pits the U.S. government sector against the cybersecurity performances of 17 other major industries.