Irvine, CA, October 20, 2020

88% of government agencies say misconfiguration of cloud services is a top security threat; pre-pandemic, only 25% considered it critical

The Netwrix report also revealed that the public sector is most worried about external threats, even though actual incidents were mainly related to insiders.

Netwrix, a cybersecurity vendor that makes data security easy, today announced government market findings from its 2020 Cyber Threats Report. Netwrix conducted this online survey in June 2020 to understand how the pandemic and ensuing work-from-home initiatives changed the IT risk landscape.

With the pandemic, the public sector has become extremely worried about cyberattacks. Nearly all respondents (98%) are now concerned about supply chain compromise, 95% named VPN exploitation as a top threat and 82% cited credential stuffing.

Another drastic shift is related to the misconfiguration of cloud services: 88% of government agencies now say that cloud misconfiguration is a top security threat, while pre-pandemic, only 25% said it was critical. However, only 11% of incidents reported during the first three months of the pandemic were actually caused by this scenario.

In reality, most incidents during this time period involved the human factor: 53% of respondents said they experienced at least one phishing attack, and 18% reported insecure sharing of sensitive data. What’s particularly troubling is that improper data sharing was especially hard for government agencies to spot: nearly all organizations needed days (42%), weeks (32%) or even months (21%) to detect it.

Other findings discovered by the survey include:

  • 29% of government agencies feel that they are at greater security risk now than they were before the pandemic. 86% of them are worried about stronger or more frequent cyberattacks, which is the highest percentage among all the verticals studied in the report.
  • Concern about VPN exploitation grew from 10% pre-pandemic to 95% now.
  • 26% of government agencies reported experiencing ransomware or other malware.
  • 6% experienced data theft by employees. None was able to spot it in minutes and only 5% were able to flag the incident in hours. The rest (95%) required days, weeks or months.

Government agencies should focus their cybersecurity efforts on mitigating the insider threat, especially when many employees and contractors are accessing the networks remotely. Organizations must ensure that every user understands basic cybersecurity rules and completes security training on a regular schedule. IT teams should look for solutions to speed threat detection and streamline incident investigation. In addition, they should follow proven security best practices like network segmentation, privilege attestation, continuous auditing for malicious activity across data repositories, and alerting on suspicious activity and changes.
Ilia Sotnikov, VP of Product Management at Netwrix

To get the complete findings of the Netwrix 2020 Cyber Threats Report, please visit:

about netwrix corporation

Netwrix champions cybersecurity to ensure a brighter digital future for any organization. Netwrix's innovative solutions safeguard data, identities, and infrastructure reducing both the risk and impact of a breach for more than 13,500 organizations across 100+ countries. Netwrix empowers security professionals to face digital threats with confidence by enabling them to identify and protect sensitive data as well as to detect, respond to, and recover from attacks.

For more information, visit

contact us

Your questions and feedback are always welcome. Please dial our toll-free number: 888 - 638 - 9749, or enter your question details here and we will reply as soon as possible.

Media contact

Erin Jones, Avista PR for Netwrix
Phone: 704 - 664 - 2170

Follow us