The Cyber Trap is Broken – 94 Percent of Federal Cyber Decision-Makers See Flaws in Today’s Cybersecurity Strategies
The Cybersecurity Executive Order Addresses a Fraction of Today’s Cybersecurity Challenges According to 72 Percent of Respondents, and 77 Percent are Focused on Compliance Over Long-Term Cyber Resilience
ALEXANDRIA, Va.–(BUSINESS WIRE)–Seventy-two percent of Federal cybersecurity leaders say the White House’s May 2021 Cybersecurity Executive Order (EO) addresses only a fraction of today’s cybersecurity challenges, according to a new study from MeriTalk, a public-private partnership focused on improving the outcomes of government IT.
The study – which surveyed 150 Federal cybersecurity leaders across Civilian and Department of Defense (DoD) agencies – found that, while the EO brings cybersecurity issues to the forefront, Federal cyber leaders need to shift gears to make real progress. The current focus is on the wrong aspects – 77 percent of respondents say their agency is focused on compliance over long-term cyber resilience.
As threats evolve, 77 percent agree their agency needs to better understand the attackers’ perspective to build a more proactive defense. Sixty-three percent say they currently utilize offensive tactics¹ in their cybersecurity efforts – but do not feel their offensive security is very effective.
But there is a path forward. The study – underwritten by Leidos – found that 78 percent of leaders agree the biggest benefit of the EO is its elevation of cybersecurity to the top levels of government agencies. At the same time, 83 percent of surveyed individuals feel Federal leaders must do more to address full-spectrum cybersecurity, and 81 percent agree agencies must move beyond compliance to a more modern, agile, and effective cybersecurity model.
“Cyber threats are becoming more evasive and continue to evolve, but we must move beyond compliance to a modern, agile, and effective cybersecurity model,” said Meghan Good, Director of the Cyber Accelerator, Leidos.
Survey respondents were asked about current structural weaknesses within cybersecurity models, and what leaders should be focused on when designing new, more effective strategies for their organization. Federal leaders even struggle with opposing views on the likelihood of breaches, as 58 percent believe breaches are preventable, while 42 percent believe breaches are inevitable. The biggest design flaws in today’s Federal cybersecurity strategies, according to respondents, are compliance-based security (41 percent), cyber skills gap (37 percent), ineffective information sharing (35 percent), lack of senior management or executive-level support (35 percent), and lack of cyber culture (35 percent).
Agencies can arm the trap. Over the next five years, the most important steps agencies should take to help realize Federal cyber leaders’ visions are:
- Instilling a stronger culture of cybersecurity throughout the agency (41 percent)
- Improving the ability to track/understand what’s going on in their environment (37 percent)
- Maturing AI/ML (artificial intelligence/machine learning) applications (37 percent)
- Increasing use of automation (37 percent)
- Prioritizing pilot efforts/security innovation (37 percent)
The Beyond the Cyber EO: How to Build a Better Mousetrap report is based on an online survey of 150 Federal cybersecurity leaders across Civilian and DoD agencies. The report has a margin of error of ±7.97% at a 95% confidence level. To review the full findings, visit: meritalk.com/study/beyond-the-cyber-eo/.
The voice of tomorrow’s government today, MeriTalk is a public-private partnership focused on improving the outcomes of government IT. Our award-winning editorial team and world-class events and research staff produce unmatched news, analysis, and insight. The goal: more efficient, responsive, and citizen-centric government. MeriTalk connects with an audience of 160,000 Federal community contacts. For more information, visit https://www.meritalk.com/ or follow us on Twitter, @MeriTalk. MeriTalk is a 300Brand organization.
¹ Offensive security is defined as: proactive approaches to cripple or disrupt adversary operations and deter future attacks (e.g., through deception).