Government employees fail at cybersecurity.

That’s the biggest takeaway from a new report published today by Dtex Systems Inc. detailing the current state of cybersecurity with the public governance sector. The report, titled “Uncovering the Gaps: Security Perceptions and Behaviors of Today’s Government Employee,” surveyed attitudes, beliefs and actions of current government employees toward cybersecurity, finding several concerning trends among government workers with security clearances at federal, state and local levels.

Not holding back, the report describes a “consistent pattern of negligence and disinterest in developing positive security habits” along with “significant gaps in threat awareness and risk identification.”

The negligence is said to have come about because those in government have a tendency with regard to cybersecurity to suffer from either apathy or overconfidence. Some 53 percent of surveyed government workers said that they believe that no matter what proactive measures they take, hackers will find their way in. Conversely, 30 percent think they are more likely to be struck by lightning than have their organizations’ data compromised.

An inability to take personal responsibility was also cited as an issue. Nearly half of the government employees surveyed said responsibility for securing organizational data and devices falls squarely on information technology professionals, senior leadership and colleagues, with only 13 percent putting the onus on themselves.

“We’re all – as individuals, as organizations, and as a country — facing near-constant security attacks, whether from trusted insiders, malicious cybercriminals or nation-state actors,” Dtex Chief Executive Officer Christy Wyatt said in a statement. “With the increasing regularity and broad scope of insider-related incidents and breaches, it has become critical that public sector organizations improve security protocols and double down on intelligence-based, user-centric technology investments. The ability to both monitor and develop a contextual understanding of user behavior in real time is critical – not just in detecting and mitigating insider threats, but in this case, ensuring the continued safety of our nation.”

Not all government employees lacked self-awareness when it comes to their own deficiencies in regards to cybersecurity. Some 42 percent of respondents said that they themselves pose the greatest risk to the security of their organization. On the flip side, only 40 percent were able to correctly identify “insider threat” as an IT term, with the remaining 60 percent incorrectly reporting it to be a military, financial, sports, engineering or medical term.

Image: Dtex