Cyber attacks suffered by governmental entities reached an all-time high in 2014, with 382 events, and in the first quarter of 2015, 95 attacks have already occurred, as criminals step up efforts to crack state, city, and federal repositories of data and sensitive information. Advisen’s Loss Insight Database offers a look at this field of events dating back to 1974 (when one event was logged) and the last 10 years indicate a steady rise in the public sector. As developing information surrounding the hacking of the White House has shown, government offers an obvious cyber risk that must be managed as well as if not better than risks in the private sector.
Attacks aimed at the executive, legislative, and “general” arms of the government were found to be most common, according to Advisen data, followed by a fairly even split among intrusions into justice, public order, and safety departments; human resources; and national security and international affairs. Public finance and taxation as a category was lower on the list, but that number may rise after this year, when so many individuals tried to file 2014 tax returns and found scammers had already filed in their name.
Despite the prevalence of cases, cyber events relating to government entities usually (60 percent of the time) tend to rack up costs of just under $100,000. The probability of events costing more than $1.2 million is about one percent, per Advisen data. However, when you consider that the loss probability of events costing $500,000 is 25 percent, the frequency of events begins to cancel out the relatively low severity.
Attacks on servers account for the most single-source events, but taken together, website hacks and lost printed records make up a larger number, at 462 and 428, respectively. Laptop losses and email come in at runners-up to these more frequent sources of loss. In 2014, social media represented only seven cases but these are perhaps the most visible indications of cyber vulnerability at the governmental level, with the hacking of U.S. military Central Command’s Twitter account occupying the media for several days at the beginning of this year. However, it’s significant to remember that a hack of Centcom’s Twitter means only that that particular social media account was hacked, not Centcom itself.
Based on case studies, cyber-related events for governmental entities arise almost wholly due to hacking efforts and failure to secure personal private and financial information. Be it city, state, or federal, the government tracks and collects data that cybercriminals want and will repeatedly try to steal. And the public in general has no option but to provide its information to the government, but will hold government officials to a higher standard in many cases than the private sector in terms of safeguarding it.