Forty percent of federal cybersecurity executives who responded to an ISC survey said their agencies still lack “effective” incident response plans nearly a year after the U.S. government suffered a large-scale breach of employee and contractor records.
ISC said Thursday findings in the nonprofit’s 2016 State of Cybersecurity from the Federal Cyber Executive Perspective report were based on online and personal interviews of 56 senior-level cyber executives from the federal civilian, defense, intelligence and contracting sectors.
The KPMG-sponsored survey found that 52 percent of respondents think a government-wide cyber sprint the Office of Management and Budget implemented last year in response to the massive Office of Personnel Management hack did not strengthen the overall security of agency information systems.
Fifty-nine percent of executives surveyed said their agencies have trouble understanding how a cyber attacker can potentially access their systems and 41 percent indicated their agencies are not aware of the location of their critical assets.
“Clear reporting lines and accountability are foundations for a good cybersecurity program and we hope this report sheds light on this issue,” said Tony Hubbard, principal of KPMG.
ISC also found that 21 percent of respondents could not identify a senior leader who have sole responsibility of cybersecurity functions within their agencies.
Forty-percent said they consider people as the greatest cybersecurity asset or liability to federal organizations.