Skip to main content
Security Scorecard

U.S. Government Ranks Last Among Major Industries in Cybersecurity

Posted on April 14th, 2016

NEW YORK, April 14, 2016 /PRNewswire/ -- SecurityScorecard, the most accurate benchmark of cybersecurity risk across the entire business ecosystem, today released its 2016 Government Cybersecurity Report - a comprehensive analysis that exposes alarming cybersecurity vulnerabilities across 600 local, state, and federal government organizations in the United States. The conclusions and rankings featured in the report are based on data derived from SecurityScorecard's patented security rating platform.

Among the report's findings are the following observations:

  • Across all industries surveyed by SecurityScorecard, including Transportation, Retail, Healthcare and more, U.S. government organizations received the lowest security scores. SecurityScorecard tracked 35 data breaches among all U.S. government organizations between April 2015 and April 2016.
  • Low-performing U.S. government organizations struggled the most with three categories of security measurements: Malware Infections, Network Security, and Software Patching Cadence.
  • Within state organizations with a SecurityScorecard grade below a 'B,' 90 percent of them scored an 'F' in Software Patching Cadence and 80 percent scored an 'F' in Network Security.
  • Among local organizations, 60 percent of low performers received an 'F' in Network Security, 50 percent received an 'F' in Software Patching Cadence, and 30 percent received an 'F' in IP Reputation (Malware).
  • NASA received the worst score among all 600 U.S. government organizations. Other bottom-performers include the US Department of State, and the IT systems of Connecticut, Pennsylvania, and Washington.

Each U.S. government organization was evaluated based on their overall security hygiene and security reaction time compared to their industry peers. SecurityScorecard also analyzed the specific scores of NASA, the FBI, and the IRS, all of which fell victim to data breaches in early 2016.

"With serious data breaches making headlines on what seems like a weekly basis, our team felt compelled to turn a spotlight on government agencies and determine which of them are demonstrating a commitment to securing their infrastructure and which are falling short," said Dr. Luis Vargas, Sr. Data Scientist at SecurityScorecard. "The data we uncovered clearly indicates that while some are improving their security postures, too many are leaving themselves dangerously exposed to risks and vulnerabilities, especially at the larger federal level."

The 2016 Government Cybersecurity Report identifies major U.S. government data breaches between April 2015 and April 2016. The report also features a competitive analysis that pits the U.S. government sector against the cybersecurity performances of 17 other major industries.

For more information about these findings, download the full report.

To receive a free SecurityScorecard assessment and consultation for your business, visit

About SecurityScorecard
SecurityScorecard provides the most accurate benchmark of security risk across the entire business ecosystem. The cloud-based platform helps enterprises gain operational command of the security posture for themselves and across all their partners and vendors. It offers a measurement and analysis of critical risk factors not available from any other service provider and in a completely self-service and automated tool. It's based on the ThreatMarket™ data engine which collects over 30 million daily security risk recon signals from the entire Internet. SecurityScorecard was founded in 2013 by two former Chief Information Security Officers, Dr. Aleksandr Yampolskiy and Sam Kassoumeh. It is made up of veteran security researchers, cryptographers, data scientists, and software engineers. The company is privately held with headquarters in New York City. Security Scorecard investors include Sequoia Capital, Evolution Equity Partners, Boldstart Ventures, and others.

Join us in making the world a safer place.