May 19, 2016 by Canadian Underwriter
More than half of polled federal cyber executives in the United States said they don’t agree that the government’s response to last summer’s massive Office of Personnel Management (OPM) data breach has improved their agency’s security.
The State of Cybersecurity from the Federal Cyber Executive Perspective – An (ISC)2 Report, released on Thursday, revealed that the OPM breach that compromised the personnel records of 21.5 million current, former and retired federal employees and contractors in June 2015 wasn’t the wake-up call many thought it would be, despite U.S. President Barack Obama’s call-to-action imposed on federal agencies.
In fact, 52% of respondents disagree that the call-to-action exercise improved the overall security of federal information systems. Twenty-five per cent of respondents said their agency made no changes in response to the OPM data breach; and still, a year later, 40% of respondents surveyed believe their agency lacks an effective response plan.
The survey was conducted by (ISC)², a not-for-profit membership body of certified cyber, information, software and infrastructure security professionals worldwide, with over 114,000 members in more than 160 countries. The survey, which was sponsored by KPMG LLP, includes responses from 54 cyber executives in the U.S. federal government, including those working in defence, intelligence and civilian agencies and the U.S. contracting industry. Respondents can be characterized as senior-level and highly experienced, with nearly 90% having worked in cybersecurity for more than 10 years and 30% for more than 20 years.
Other key findings included:
“I’m greatly concerned about the apparent lack of accountability this survey found, with 21% of respondents indicating there is no senior leader in their agency solely responsible for cybersecurity,” said Tony Hubbard, KPMG principal who advises federal agencies on cyber risk. “Clear reporting lines and accountability are foundations for a good cybersecurity program and we hope this report sheds light on this issue. We look forward to the appointment of a federal CISO – that’s a step in the right direction.”