Skip to content ↓ | Skip to navigation ↓

According to a recent study, the overwhelming majority (90 percent) of U.S. federal agencies report feeling vulnerable to data threats.

The survey, conducted by analyst firm 451 Research in collaboration with Vormetric, analyzed the responses of 1,100 senior IT security executives at large enterprises worldwide, including more than 100 U.S. federal government organizations.

The report (PDF) revealed that 61 percent of U.S. federal government organizations had been subject to a data breach in the past, with nearly one in five respondents indicating the breach occurred in the last year.

Although many agencies also noted plans to increase security spending over the next 12 months, the report suggests their budgets may not be properly allocated to prevent the theft of sensitive data.

“The results showed that federal IT security professionals are like generals fighting today’s wars with the weapons of yesterday,” said Garrett Bekker, senior analyst at 451 Research.

U.S. government respondents listed network defenses (53 percent), such as firewalls, intrusion protection systems (IPS) and DLP, as well as analysis and correlation tools (46 percent) as the top categories for increased spending.

Meanwhile, data-in-motion and data-at-rest defenses, such as encryption, were at the bottom of the list in U.S. federal spending plans, with 40 percent and 30 percent, respectively.

“… Spending intentions reflected a tendency to stick with what has worked in the past… Clearly, there’s still a big disconnect between what we are spending the most of our security budget on and what’s needed to ensure that our sensitive data remains secure,” said Bekker.

Other key findings from the study included:

  • Skill shortages (44 percent) and budget constraints (34 percent) were named the top barriers to the adoption of strong data security.
  • 64 percent viewed compliance as either “very effective” or “extremely effective” (17 percent) for protecting sensitive data – up from 58 percent last year.
  • 76 percent of respondents identified cybercriminals and privileged users (64 percent) as the top external and internal threat actors.