The OPM hack has been making waves in the media. But less attention has been paid to the failure of the broader government to protect itself from cyber threats, which continue to multiply at an alarming rate.
In April, the Government Accountability Office released data on the number of information security incidents reported by federal government agencies over the last decade, and the findings are astounding. Between 2006 and 2014, incident reports exploded from 5,503 to 67,168 – an increase of more than 1,100%. However, it is important to note that not all of these incidents are breaches. And of the 67,168 reported incidents in 2014, only 27,624 involved personally identifiable information.
Additionally, the data in the report may indicate that the government is simply getting better at detecting events. But it does show that agencies and organizations must remain vigilant in order to stay on top of cybersecurity threats, which has proven difficult. According to the report, “for fiscal year 2014, 19 of 24 major federal agencies reported that deficiencies in information security controls constituted either a material weakness or significant deficiency in internal controls over their financial reporting. In addition, inspectors general at 23 of these agencies cited information security as a major management challenge for their agency.”