Only 13 percent of government employees take personal responsibility for cybersecurity, survey finds

  • Just 13 percent of government employees believe they have complete personal responsibility for the security of their work devices or information, according to a survey by security services firm Dtex Systems.
  • One in three employees believed they were more likely to be struck by lightning than have their work data compromised.
  • This is all despite rapidly growing threats: one in 131 emails contained malware in 2017, and ransomware attacks increased 36 percent on the previous year.
Linus Strandholm | EyeEm | Getty Images

Public sector employees in the U.S. have little concern about their personal cybersecurity responsibilities, according to a survey.

Just 13 percent of government employees believe they have complete personal responsibility for the security of their work devices or information, the report carried out by analytics firm YouGov and published by security firm Dtex Systems said.

Forty-eight percent of those surveyed said they had no responsibility at all, believing the securing of data to be squarely the remit of IT professionals. Roughly half of respondents believed that being hacked was inevitable no matter what protective measures they took, while 43 percent simply didn't believe they could be hacked.

Few people surveyed seemed to take seriously the likelihood and frequency of cyber threats — one in three employees believed they were more likely to be struck by lightning than have their work data compromised.

When looking at what government employees feared most, the survey said: "Only 14 percent report being afraid of someone infiltrating their organization and stealing files, trailing far behind potential scenarios such as a government collapse or food poisoning, and ranking it just three percentage points higher than alien invasion."

Unprecedented threat from cyber attacks

This apparent apathy comes despite a staggering increase in cyberattacks in the past few years, and frequent reports of cyber threats from domestic and foreign actors in news headlines.

Cyberattacks at both commercial and governmental levels are more of a threat than they've ever been before — in 2016, the U.S. government spent $28 billion on cybersecurity. That's up from just $7.5 billion in 2007, and it's expected to increase in 2018.

Research from software firm Symantec revealed that one in 131 emails contained malware in 2017. Ransomware attacks increased 36 percent on the previous year.

"We're all — as individuals, as organizations and as a country — facing near-constant security attacks from trusted insiders, malicious cyber criminals or nation-state actors," said Christy Wyatt, CEO at Dtex Systems.

"With the increasing regularity and broad scope of insider-related incidents and breaches, it is critical that public sector organizations improve security protocols and double down on intelligence-based, user-centric technology investments."

Security experts have repeatedly stressed the urgency of keeping data safe and adopting a culture of cyber security literacy in the private sector and in government. Being aware of attack techniques and threats like phishing links, and using a number of different passwords that are changed frequently, are important steps.

The report, entitled "Uncovering the Gaps: Security Perceptions and Behaviors of Today's Government Employees," collected responses from more than 1,000 public sector employees in the U.S. with security clearances working at a federal, state or local level.