The Auditor’s Office conducted a survey of 125 state agencies, boards, commissions, and universities to track compliance with the state’s new Enterprise Security Program, which is designed to “provide coordinated oversight of the cybersecurity efforts across all state agencies, including cybersecurity systems, services, and development of policies, standards, and guidelines.”
The program was created in 2017 and compliance is required by law. Despite that, 54 of the 125 government entities surveyed did not respond.
The findings among those that completed the survey showed:
- 53 agencies reported having proper cyber security measures in place;
- 43 agencies reported having conducted a third-party security risk assessment in the last three years;
- 36 agencies reported having encrypted sensitive information; and
- 49 percent of responding agencies reported being more than 75 percent compliant with the Enterprise Security Program.
“The results of the survey described above show that Mississippians’ personal data may be at risk,” Auditor Shad White said. “Many state agencies are operating as if they are not required to comply with cyber security laws, and many refused to respond to auditors’ questions about their compliance. State government cyber security is a serious issue for Mississippi taxpayers and citizens. Mississippians deserve to know their tax, income, health, or student information that resides on state government servers will not be hacked.”
The Auditor’s Office is authorized to verify compliance with the Enterprise Security Program.