US Federal Contractors Lag in Cyber Best Practices

The US federal government relies on tens of thousands of contractors and subcontractors – sometimes referred to as the federal “supply chain” – to provide critical services, hold or maintain sensitive data, deliver technology and perform key functions. When it comes to their cyber-risk, BitSight has found that the cybersecurity posture of US federal contractors lags far behind that of federal agencies. In an analysis of 1,200 federal government contractors, the mean BitSight Security Rating for federal agencies was at least 15 or more points higher than the mean of any contractor sector. “To some this may be surprising: Some agencies have made public their large data breaches in recent years,” the report noted. “However, many agencies maintain a strong security posture overall and the aggregate performance of agencies has increased steadily. The mean rating for agencies as of January 2018 was 725.