Forty percent of federal cybersecurity executives who responded to an ISCÂ survey said their agencies still lack “effective” incident response plans nearly a year after theÂ U.S. government sufferedÂ a large-scaleÂ breach of employee and contractor records.
ISC said ThursdayÂ findings inÂ the nonprofit’sÂ 2016 State of Cybersecurity from the Federal Cyber Executive Perspective reportÂ were based on online and personal interviews of 56 senior-level cyber executives from the federal civilian, defense, intelligence and contracting sectors.
The KPMG-sponsoredÂ survey found that 52 percentÂ of respondents think aÂ government-wideÂ cyber sprint the Office of Management and Budget implemented last year in response to the massive Office of Personnel Management hack did not strengthen the overall security of agency information systems.
Fifty-nineÂ percent of executives surveyedÂ said their agenciesÂ have trouble understandingÂ how a cyber attacker can potentially access their systems and 41 percentÂ indicated theirÂ agencies are not aware of the location of their critical assets.
âClear reporting lines and accountability are foundations for a good cybersecurity program and we hope this report sheds light on this issue,” saidÂ Tony Hubbard, principal of KPMG.
ISC also found thatÂ 21 percentÂ of respondents could notÂ identify a senior leader who have sole responsibility of cybersecurity functions within their agencies.
Forty-percent said they considerÂ peopleÂ as the greatest cybersecurity asset or liability toÂ federal organizations.