The Government Accountability Office reports that federal agencies reported more than 35,000 cyber incidents to the Homeland Security in 2017, up from nearly 31,000 in 2016, but substantially less than the 77,000+ reported in 2015.
Roughly one in five incidents last year involved violations of agencies’ online use policies, while email and phishing attacks made up another 21 percent. Web-based attacks and misplaced equipment accounted for about 23 percent of incidents. Nearly one-third of attacks didn’t fall neatly within any major category.
Only 6 of the 23 CFO Act agencies have put in place effective information security strategies, and inspectors general at 17 agencies found security shortcomings in their organization’s financial reporting process
Similarly, only 6 agencies reported meeting all nine of the White House’s cross-agency priority goals for cybersecurity, and the OMB found only 13 agencies were managing their overall cyber risk.