Cyberattacks continue to escalate across the federal government, with indirect attacks via third parties a growing threat. Fortunately, agencies are improving their ability to defend their environments, but many wonder how much longer they can continue to invest at their current pace.
Federal cyberattacks on the rise
Globally, survey results reveal that the average total number of cyberattacks an organization faced dropped 11 percent over the course of a year, from 232 to 206 targeted attacks. During the same timeframe, we saw an even larger drop of 27 percent in the number of security breaches. On average, organizations globally now face 22 security breaches per year, compared with 30 in the previous year. This indicates the fundamentals for both discouraging and defending against attacks are improving.
For federal agencies, the picture is different. The number of year-over-year attacks increased from 211 to 320, a 53 percent increase, but security breaches are lower, down from 30 to 17 security breaches per year. This marks a 43 percent reduction. Federal agencies outperform their global counterparts in successfully stopping breaches.
Despite this progress, there are hidden threats. Nearly half (45 percent) of federal agencies’ security breaches are now indirect, as threat actors target the weak links in their extended operation. This is modestly higher than global responses, where indirect attacks represent 40 percent of security breaches. This shift to indirect attacks blurs the true scale of cyberthreats.
With the growth in indirect attacks, organizations should look beyond their four walls to protect their operational ecosystems and supply chains. Fully 85 percent of federal respondents, in line with the global responses (83 percent), agreed their organizations need to think beyond securing their enterprises and take steps to secure their ecosystems to be effective.
Investment grows – but costs may be unsustainable
Surveyed organizations, on average, spend 10.9 percent of their IT budgets on cybersecurity programs (10 percent exactly for federal agencies). Leaders spend slightly more at 11.2 percent, which is insufficient to account for their dramatically higher levels of performance.
More than four out of five organizations globally and within the federal government are investing 20 percent or more of their budget in advanced technologies like artificial intelligence, machine learning and robotic process automation. A similar percentage (including 86 percent of U.S. federal respondents) agreed that cybersecurity tools have advanced significantly over the past few years and are noticeably improving their organization’s cyber resilience.
Three-quarters of federal agencies reported year-over-year cost increases for cybersecurity, with twenty percent saying their costs increased by more than 25 percent. Sixty percent of federal agencies say that these cost increases are unsustainable. The cybersecurity technologies with the largest cost increases for federal agencies were network security, threat detection, and security monitoring.
Leaders realize greater ROI
Despite similar spending levels, our research found clear differences in terms of enterprise coverage, detection rate, remediation, and citizen or customer impact. Leaders are able to achieve significantly more return on investment.