"Rebooting" public sector cyber security


US government agencies are confident 

in their overall cybersecurity strategies

but do their operational 

capabilities ensure 

positive outcomes?

As a target for security threats, the public sector is unique, experiencing more cyber incidents than any other industry. US federal, state and local government agencies need to improve key aspects of their digital defenses against this threat landscape. According to a recent Accenture survey, many respondents are highly confident about their cybersecurity programs overall, while far fewer feel the same about their performance at the operational level—especially when it comes to monitoring, identifying and measuring cyber breaches. Based on the survey findings, Accenture believes government agencies need to “reboot” their cybersecurity strategies to address critical gaps and to align the security program with their overall mission. The best rebooting approach is one that clearly defines cybersecurity success and “pressure tests” capabilities; spends wisely on innovation; makes security everyone’s job; and leads from the top of the organization.

Key Findings

Key Findings

Most government executives express high levels of confidence that their cybersecurity strategies are achieving desired outcomes. However, confidence levels begin to drop when it comes to monitoring, identifying and measuring breaches.

And while many federal agencies consider cybersecurity a top priority that they have completely embedded in their cultures, most also admit attacks are often unpredictable. In fact, almost 90 percent of respondents agree with the statement, “cyberattacks are a bit of a black box; we don’t quite know how or when they will affect our organization.”

When a breach does occur, over two-thirds (67 percent) of respondents say their agencies turn to “communication channels to law enforcement” as their most effective response, followed by their own internal cross-functional teams (66 percent) and standard operating procedures (50 percent). While bringing in a third party can be effective, it relies on the abilities of the agency’s own security personnel to monitor and identify breaches in the first place, which requires strong cybersecurity capabilities.

Furthermore, many agencies are aware that the tools and technologies they use to safeguard digital assets do not provide the protection they require. In fact, fewer than 15 percent of government respondents say their “established technology and/or start-up technology” is effective when responding to breaches.

Nearly 70% of federal respondents (and around 40 percent state and local respondents) consider cybersecurity a top priority that they have completely embedded in their culture.



The majority of respondents are confident that their cybersecurity strategies are working in three key areas:

88% Protecting organizational infromation
82% Protecting citizen and customer data
61% Protecting employee privacy

At the same time, only about one third expressed satisfaction with their
organization’s abilities in three critical areas:

  1. Monitoring

  2. Identifying

  3. Measuring breaches



As the velocity and aggressiveness of cyberattacks escalate, government agencies need to adopt new strategies to identify and respond to rapidly evolving security threats. For many, that will necessitate a cybersecurity “reboot,” one that recognizes success will require an end-to-end approach that considers threats across the spectrum of their service offerings and the agency´s ecosystem.

Government departments can deal effectively with the high-impact cyber threats they face by pursuing the following actions:

Define cybersecurity success

Define cybersecurity success,
and then “pressure test” capabilities by engaging good-guy “white hat” external hackers in real “sparring matches” with agency’s cybersecurity team to quickly determine its skill levels.

Make security everyone’s job

Make security everyone’s job 
To build a culture of cybersecurity awareness, agencies should view state-of-the-art cybersecurity as an organizational mindset.

Spend wisely on innovation

Spend wisely on innovation, 
looking across seven key cybersecurity domains, which include cyber response readiness and cyber resilience, to spot security gaps and close them.

Lead from the top

Lead from the top 
Security leaders need to step beyond traditional comfort zones and materially engage with agency leadership on a day-to-day basis.

As cyberattack velocity and aggressiveness escalates, government agencies need to reboot their security strategies to deal with today's cyber realities.

Who we are

Who we are

Gus Hunt

Gus Hunt

Managing Director and Cybersecurity Practice Lead, Accenture Federal Services

Follow Gus Hunt on Twitter. This opens a new window. Connect with Gus Hunt's Profile on LinkedIn. This opens a new window. Mail to Gus Hunt. This opens a new window.

Lalit Kumar Ahluwalia

Lalit Kumar Ahluwalia

Health & Public Sector Security Lead

Connect with Lalit Kumar Ahluwalia's Profile on LinkedIn. This opens a new window. Mail to Lalit Kumar Ahluwalia. This opens a new window.

Cyber In Transition

Cyber in transition