New research from big-data analytics company Splunk Inc. and IDG Inc.-owned Foundry finds that public sector organizations lack the cybersecurity intelligence they need and the problem is much worse than it is for the private sector.

The Splunk 2022 Public Sector Survey found that nearly half of public sector agencies struggle to leverage data to detect and prevent cybersecurity threats and 50% of the sector has issues leveraging data to inform cybersecurity decisions. Some 56% of public sector agencies were found to have difficulties leveraging data to mitigate and recover from cybersecurity incidents.

The report also dug into the data challenges directly affecting public-private partnerships. According to the report, 44% of public sector respondents indicate that shared cybersecurity intelligence available to them needs to be improved for their needs, compared with 29% of private sector respondents.

Despite a broader move toward cybersecurity intelligence sharing, the survey also found that public and private sector organizations are less likely to share cybersecurity intelligence outside their sector. Only 42% of public sector respondents report sharing data with the private sector and 38% of private sector respondents report regularly sharing data with government agencies. The leading cause of the lack of data sharing is cited in the report as a lack of resources and challenges in leveraging data.

Although dealing with cybersecurity in the public sector may be more difficult than in the private sector, both share similar cybersecurity priorities. Improving threat response and remediation topped the list of priorities with both, sitting at 55% in the public sector and 53% among private sector respondents. Improving detection of emerging threats sat at 49% and 47%, and improving user security awareness was at 46% in the public sector and 50% in the private sector respondents.

Both public and private sector organizations plan investments to address cybersecurity priorities. Investment priorities include monitoring and alerts, threat intelligence and security assessments. However, the report found that the private sector is more likely to be planning investments in security orchestration, automation and response, centralized log management and observability.

Both public and private sector organizations believe that it’s important to share data on threat intelligence and actors — 69% among public sector and 63% among private sector respondents. For real-time information on security events, 60% and 69%, respectively, said it was important it was shared. The percentages for cybersecurity training materials and best practices were 79% and 68% and for benchmarked data 36% among public sector and 31% among private sector respondents.

The report found that overall, the public sector struggles to act on cyber data because of a lack of resources — budget, skills gaps and lack of visibility into the threat landscape — which directly affects agencies’ cybersecurity defenses.

Image: Pixabay