Improper usage accounted for almost a third of federal information security incidents in the United States. E-mail and phishing attacks generated 22 percent of incidents during the FY 2018. Throughout the most recently published year, U.S. government agencies reported 31,107 cyber incidents, an approximately 11.8 percent decrease from the previous period.
Distribution of cyber security incident reports by federal agencies in the United States during FY 2018, by attack vector
Characteristic
Share of incidents
Improper usage
31%
E-mail / phishing
22%
Web
11%
Loss or theft of equipment
8%
Impersonation / external or removable media / multiple attack vectors*
Attrition: An attack that employs brute force methods to compromise, degrade, or destroy systems, networks, or services
Loss or theft of equipment: The loss or theft of a computing device or media used by the organization
Web: An attack executed from ta website or web-based application
E-mail/phishing: An attack executed via e-mail message or attachment
Improper usage: Any incident results from violation of an organization's acceptable usage policies by an authorized user that is not reported as part of another threat vector category
Impersonation: An attack involving replacement of legitimate content/services with a malicious substitute
External/removable media: An attack executed from removable media or a peripheral device
Multiple attack vectors: An attack that uses two or more of the attack types in combination
Other: An attack method that does not fit into any other type or is undefined
Profit from the additional features of your individual account
Currently, you are using a shared account. To use individual functions (e.g., mark statistics as favourites, set
statistic alerts) please log in with your personal account.
If you are an admin, please authenticate by logging in again.
Learn more about how Statista can support your business.
GAO. (July 26, 2019). Distribution of cyber security incident reports by federal agencies in the United States during FY 2018, by attack vector [Graph]. In Statista. Retrieved January 08, 2025, from https://www.statista.com/statistics/1089065/cyber-incident-reported-usa-gov-attack-vector/
GAO. "Distribution of cyber security incident reports by federal agencies in the United States during FY 2018, by attack vector." Chart. July 26, 2019. Statista. Accessed January 08, 2025. https://www.statista.com/statistics/1089065/cyber-incident-reported-usa-gov-attack-vector/
GAO. (2019). Distribution of cyber security incident reports by federal agencies in the United States during FY 2018, by attack vector. Statista. Statista Inc.. Accessed: January 08, 2025. https://www.statista.com/statistics/1089065/cyber-incident-reported-usa-gov-attack-vector/
GAO. "Distribution of Cyber Security Incident Reports by Federal Agencies in The United States during Fy 2018, by Attack Vector." Statista, Statista Inc., 26 Jul 2019, https://www.statista.com/statistics/1089065/cyber-incident-reported-usa-gov-attack-vector/
GAO, Distribution of cyber security incident reports by federal agencies in the United States during FY 2018, by attack vector Statista, https://www.statista.com/statistics/1089065/cyber-incident-reported-usa-gov-attack-vector/ (last visited January 08, 2025)
Distribution of cyber security incident reports by federal agencies in the United States during FY 2018, by attack vector [Graph], GAO, July 26, 2019. [Online]. Available: https://www.statista.com/statistics/1089065/cyber-incident-reported-usa-gov-attack-vector/
