Federal agencies, like all large global organizations, are under attack from bad actors. Though they share many of the same challenges as commercial entities (e.g., deficit of cybersecurity professionals and overabundance of segregated security technologies), they also face unique compliance requirements and acquisition challenges that complicate their approach to cyber resilience.
Existing long-term government procurement processes, combined with a systemic focus on compliance, can hinder effective federal cyber response. This makes it difficult to acquire and implement the right tools while also creating false confidence in the agency’s security.
Yet despite the challenges, results from Accenture’s Third Annual State of Cyber Resilience report demonstrate that federal agencies on average perform on par or better than the rest of the global population. But there is room for improvement when agencies are compared to the subset of respondents deemed “leaders” based on their survey responses.
Follow the leaders
A core group of leaders (which includes 28% of federal respondents) has shown that cyber resilience is achievable and can be reproduced. By investing for operational speed, driving value from these investments, and sustaining what they have, they are well on the way to mastering cybersecurity execution.
Leaders often take a more considered approach to their use of advanced technologies by choosing those which help deliver the speed of detection and response they need to reduce the impact of cyberattacks. The number of leaders spending more than one-fifth of their budget on advanced technologies has doubled in the last three years, and once they do invest in technology, they scale fast. The combined result is a new level of confidence from leaders in their ability to extract more value from these investments— and by doing so, exceed the performance levels of the non-leaders.
The federal case for managed cybersecurity
Our research documents that extraordinary disparities exist between high and low performing security organizations, including within the federal government. These disparities are often the result of:
- A talent gap: There is a massive deficit in available resources in the security industry. Finding qualified staff to manage an in-house security team is challenging.
- Technology complexity: There are more than 3,000 distinct cybersecurity vendors. Each organization’s security stack is different with varying levels of effectiveness. And each unique technology requires staffing.
- Functional capability gap: Some organizations are better equipped to manage and analyze security data to aid in better organizational decision making.
A cyber managed service can directly address each of the disparities to move agencies quickly into a stronger cyber resilient position, removing the complexity and false sense of security.
Furthermore, cyber managed services combat the inefficiencies and weaknesses that can result from slow government procurement processes. How can an agency choose technologies (often down to the SKUs) that will protect it from threats two years from now – let alone five years? They can’t make that decision effectively without knowing the unknowable, namely, what attacks will look like in the future, and what new technologies will be available to aid in defense.