What is working well in agencies’ cybersecurity strategies, and what needs to change? If an agency could rebuild its cybersecurity today, with no budget or talent restrictions, what would it look like? MeriTalk, in partnership with Forcepoint, surveyed 150 federal IT managers and leaders to find out.
The new report, Federal Cybersecurity in a Changing World, garnered feedback from federal IT practitioners on the state of cybersecurity today, challenges they encounter in formulating their ideal agency-wide strategy, future priorities, cybersecurity ROI and more.
Three Key Themes Emerged from the Report:
1. Cybersecurity is a top priority, but attention is not converting to action:
Over 80% of Federal IT managers agree cybersecurity is a top or high priority within their agency and more than 3 out of 4 say their agency’s focus on it has increased due to changing telework demands. However, only 11% of Feds say their agency’s current cybersecurity is identical to the ideal system they described- with the main obstacles include budget, legacy infrastructure and migration complexities.
Takeaway: As one leader stated in an in-depth interview, “we have a really good cyber program based on three pillars – people, process, and technology. Without one of those three pillars, the house falls.” Taking a human-centric approach to cybersecurity and understanding first how your people interact with data enables your agency to better adapt to evolving threats and risk in real time and ensure all three pillars are operating in sync.
2. Leading agencies are focused on cyber agility and communication:
34% of respondents described themselves as ‘leaders’ and interestingly, while cybersecurity remains a high priority for all, just 34% say their senior leaders are fully engaged with their organizational strategy. Additionally, leaders were significantly more likely to give their agency the highest possible rating in digital maturity, cybersecurity talent and cybersecurity ROI.
Takeaway: Expedited by COVID-19, the need to enable an increasingly remote workforce is here to stay – and the move to cloud will only expedite the need to fortify your agency’s networks and systems. As your agency becomes more remote, it is critical for leaders to remain engaged with their teams and regularly communicate priorities for mission alignment and leadership buy-in.
3. An ideal cybersecurity strategy is proactive and risk-focused:
Among others, some key challenges to formulating a cybersecurity strategy include cloud migration and understanding evolving cybersecurity threats and technical vulnerabilities. Regarding current priorities, increasing agility is a top priority and when asked about an ideal strategy, respondents agree that it is proactive, and risk focused. Looking ahead, respondents are most concerned about the threat of malware and poor system administration and believe AI will be the most valuable to their agency.
Takeaway: If given the chance to rebuild, Feds would start with a zero-trust model and ensure full-scope visibility into the network. Moving forward, they see the ideal cyber strategy as proactive and risk-focused. By increasing collaboration and entering into strategic partnerships with both government and industry, agencies can realize their ideal system and ensure new investments to bring them closer to their goal.
If you had no budget or talent restrictions, what would your agency’s cybersecurity look like today? Unfortunately, we can’t start from scratch but by discussing ideal strategies and continuing to collaborate across public and private sector, your agency/agencies can realize a more agile, proactive and modern cybersecurity posture. Read the full report today and sign up for our upcoming webinar where leaders from Forcepoint’s Federal division will discuss what federal agencies can learn additional takeaways from the and practical considerations for implementing their ideal cyber strategies.