New research shows that pandemic-related cybersecurity risks are prompting government agencies to deploy new defenses against data breaches and network outages.
Remote work, an increase in cloud networking attacks and the complexity of IT infrastructure all heighten agencies’ vulnerability. In response, many agencies increased IT budgets last year and will do so again this year.
Research for the report, “Local, state and federal agencies gear up to fight cloud network attacks and data breaches,” was underwritten by Infoblox and conducted by CyberRisk Alliance Business Intelligence.
Cybersecurity stakes are uniquely high for critical infrastructure, where government often partners with private sector in management or regulatory compliance efforts. Successful attacks on utilities, transportation systems or military supply chains, for example, could be devastating, with catastrophic impacts for agencies and citizens. The most effective ways to reduce risk, according to respondents, are network monitoring (73%) and threat intelligence (66%).
The report is based on a survey of 294 senior-level federal, state and local government IT executives in October and November 2020. The majority of respondents (83%) are significant or final decision-makers for cybersecurity budgets and operations, representing agencies in healthcare/medical, military/defense, education, court/judicial and transportation.
The high cost of data breaches and network outages
For many agencies, the potential costs of a security event far outweigh the investment in risk mitigation. Among respondents whose agencies suffered a data breach, 55% estimated the financial loss at $2 million or more. For agencies that experienced a network outage, 36% said the average financial loss was between $1 million and $5 million.
Cyberattacks’ wide-ranging consequences contribute to their cost. Operational disruptions may be the most immediate impact of a network outage, cited by 61% of respondents. But agencies must also anticipate reputational damage (48%), loss of data or intellectual property (46%), breach notifications (38%), financial loss (37%) and legal ramifications (26%).
Because of the essential nature of many government services, including public safety and transportation, the worst scenarios could involve the loss of human life.
New threats and new vulnerabilities
Remote work has vastly expanded the threat landscape. Employees connect to government networks from untrusted or compromised home networks, using personal equipment that may not be secure. Citizens’ interactions with agencies have jumped significantly during COVID-19, creating new opportunities for scams and attacks that could compromise IT systems and government assets.
As IT leaders work to protect their organizations, their top concerns include:
- preventing network outages (40%)
- securing cloud application data (38%)
- preventing cloud breaches (35%)
- enforcing regulatory compliance (35%)
According to the report, other top challenges include educating employees to identify security risks (37%), mitigating risky end-user behavior (36%) and hiring and retaining qualified IT security staff (38%).
Government agencies increase IT security spending
The survey indicates that, to adapt to this complex and dynamic environment, the majority of agencies are investing in cybersecurity solutions.
In the survey, 67% of respondents said their agencies increased IT budgets last year, and 73% expected an additional increase in 2021. Over the next 12 months, 48% said their agencies would spend $1 million to $5 million to prevent breaches and network outages, with 36% planning to spend even more.
“Considering the average costs of a data breach, these proactive expenditures are sound investments in preventing data breaches that could spell disaster for government organizations,” the report notes.
For additional insights from the survey, included recommended risk management strategies, read the full report here.
For more information on how you can partner with CRA Business Intelligence, please contact Dave Kaye, Chief Revenue Officer.