The US government is not spending enough on cybersecurity
Cyberattacks from China and Russia have infiltrated everything from President Obama's schedule to the Pentagon's Joint Chiefs of Staff's email to personal information of 7% of all government employees. There are reports that the two countries may have gained enough access to track the movements of intelligence members.
According to a report from Bank of American Merrill Lynch, one way to understand the weakness is the budget. Simply put, the government isn't spending enough protecting its data.
"US departments are still not spending enough on cybersecurity, in our view," said the report from strategists Sarbjit Nahal, Beijia Ma, and Felix Tran. "Despite seemingly facing an increasing wave of attacks, spend on cybersecurity as a percentage of total department budget is still low."
While overall spending on cybersecurity has increased, now at approximately $12 billion a year, so have the attacks.
Data in the BAML from the Government Accountability Office showed that cyberattacks increased by 12-fold from 2006 to 2014, from 5,503 to 67,168.
The amount that departments are spending on protecting against these attacks, however, is still a minuscule part of their budget.
"In fact, only the Department of Homeland Security spends more that 3% of its 2014 budget on cybersecurity," said the report. "The Office of Personnel Management spent the lowest percentage on cybersecurity out of all the departments, which is significant since it suffered the biggest US agency breach to date."
11 federal departments spend less than 1% of their budget on cybersecurity, including Social Security, NASA and the Department of State.
Additionally, BAML says the government's current structure to respond and defend from these attacks is a mess:
Despite the shortcomings, the BAML report does say that the attacks have brought an increased focus to the issue and that the government should eventually develop a better shield.
