U.S. government and cybercrime - Statistics & Facts
Government databases are primary targets for hackers and acts of cyber warfare. In the United States, cyberattacks on government entities have been a cause for concern for years, as not only the frequency of data breaches but also their complexity and economic implications have increased.
Following massive cyberattacks on the U.S. critical infrastructure, such as the Colonial Pipeline attack in 2021 and other attacks on various third-party vendors, indirectly impacting government entities, the federal government is constantly implementing new strategies dedicated to better protecting critical infrastructure. However, despite the efforts to protect government entities from cyber threats, there is still a long way to go.
Types of cyberattacks targeting the U.S. government
Governments are often targets of nation-state threat actors but also of non-state actors, such as terrorist groups, companies, political or ideological extremist groups, criminal organizations, and hacktivists. In 2022, improper use was the most common type of attack vector recorded by the U.S. government CFO Act agencies. Overall, CFO Act agencies recorded more cyberattacks than Non-CFO Act agencies.U.S. government data breaches
2023 was a year full of data breaches for U.S. government entities. Only in that year were 100 cases of private data exposure reported, up from 74 in 2022. According to the reports, 2023’s 100 cases of private data violations affected 15 million people. By far, the most significant reported data breach involving the U.S. government was the breach at the U.S. postal service in 2018, which exposed 60 million data records. Cities were the government entities encountering the most data breach incidents.U.S. cybersecurity governance
Cybersecurity legislation or frameworks are crucial in establishing the resilient cybersecurity posture of a government unit. In the United States, cybersecurity governance is carried out at the state level through regulations, legislations or statutes, and expenditures. In a 2022 survey, State Chief Information Security Officers in the United States stated that only a few had cybersecurity legislations or statutes in place that were funded . Most states have not adopted any of the mentioned legislations. Moreover, the majority of U.S. states did not have a cybersecurity budget line item and only 21 percent had it established by a statute or law.Cybersecurity spending
The overall estimated cybersecurity spending at U.S. CFO Act Agencies for the fiscal year 2024 was over 12 billion U.S. dollars. Non-CFO Act Agencies had an estimated budget of 548 million U.S. dollars. Of selected federal departments, the Department of Homeland Security had the highest cybersecurity spending in 2023, 2.9 billion U.S. dollars, followed by the Department of Justice, with 1.2 billion U.S. dollars.Following massive cyberattacks on the U.S. critical infrastructure, such as the Colonial Pipeline attack in 2021 and other attacks on various third-party vendors, indirectly impacting government entities, the federal government is constantly implementing new strategies dedicated to better protecting critical infrastructure. However, despite the efforts to protect government entities from cyber threats, there is still a long way to go.
