Although federal agencies are operating in an increasingly complex and dangerous cyber threat environment, two-thirds of federal IT managers lack confidence in their agencies’ cybersecurity posture, according to a recent study by MeriTalk, a public-private partnership focused on improving the outcomes of government IT.
The study, Cyber Convergence: The Nuts and Bolts, underwritten by General Dynamics Information Technology, is based on a survey of 150 federal information technology executives closely involved in their agencies’ cybersecurity efforts.
The survey results revealed that most federal IT managers are aware of the heightened threat environment, but only one in three give their agencies’ current cybersecurity efforts an “A” and only twenty-nine percent would rate their agency’s efforts to incorporate more innovation within their cybersecurity strategy in the past two years as “very effective.”
MeriTalk identified four key pillars—training, governance, budget, and innovation—of an effective cybersecurity strategy. Less than a quarter of federal agencies address all four pillars in their cybersecurity strategy, according to the report.
The respondents identified security training as the area that could benefit most from an additional cybersecurity budget. They estimated that forty-three percent of cyber breaches could be prevented through improved training.
The federal IT managers also said employee feedback and collaboration play an important role in improving cybersecurity innovation.
To increase federal cybersecurity preparedness, MeriTalk recommended that agencies assess which areas need improvement and rebuild their cybersecurity strategies to address training, governance, budget, and innovation. In particular, agencies should be looking at how they can improve their security training efforts, which the respondents identified as a weak link in their cybersecurity strategies.