For the First Time in Five Years, External Threats Overshadow Internal Threats as the Greatest Cybersecurity Concern for the Public Sector

January 11, 2022

The growing prominence of the general hacking community and foreign government-led cyberattacks is forcing the public sector to re-evaluate its security posture

SolarWinds (NYSE:SWI), a leading provider of simple, powerful, and secure IT management software, today announced the findings of its seventh Public Sector Cybersecurity Survey Report.* This survey includes responses from 400 IT operations and security decision makers, including 200 federal, 100 state and local, and 100 education respondents.

“These results demonstrate that while IT security threats have increased—primarily from the general hacking community and foreign governments—the ability to detect and remediate such threats has not increased at the same rate, leaving public sector organizations vulnerable,” said Brandon Shopp, Group Vice President, Product Strategy, SolarWinds. “But the data also shows an increased awareness and adoption of zero trust, as well as a commitment to invest in IT solutions and adopt cybersecurity best practices outlined in the Administration’s Cybersecurity Executive Order. It’s through these steps that public sector organizations can enhance their cybersecurity posture and fight the rising tide of external threats.”

2021 Key Findings:

  • The general hacking community (56%) is the largest source of security threats at public sector organizations, followed closely by careless/untrained insiders (52%) and foreign governments (47%). For the first time in five years, careless insiders were not listed as the top security threat.
    • State and local governments (63%) are significantly more likely than other public sector groups to be concerned about the threat of the general hacking community.
    • Federal civilian agency respondents (58%) are more likely to indicate careless insiders as a threat compared to the defense community (41%).
  • Cybersecurity threats from foreign governments (56%) are responsible for the greatest increase in concern among public sector respondents.
    • Defense respondents (68%) are the most likely to note foreign governments as a cybersecurity threat, compared to civilian (53%), state and local government (46%), and education (25%) respondents.
  • When asked about specific types of security breaches, the public sector’s level of concern over ransomware (66%), malware (65%), and phishing (63%) has increased the most over the last year.
  • Time to detection and resolution have not improved at the rate of increased IT security threats and breach concerns.
    • About 60% of respondents noted both the time to detection and time to resolution remained the same or worsened between 2020 and 2021.
  • Lack of training (40%), low budgets and resources (37%), and the expanded perimeter (32%) as a result of increased remote work continue to plague public sector security pros.
    • Respondents also pointed to insufficient data collection and monitoring as a key impediment to threat detection (31%).
    • State government respondents (50%) indicate more so than local governments (25%) that budget constraints are an obstacle to maintaining or improving IT security.
    • Education respondents are the most likely to struggle to identify the root cause of security issues, hampering their ability to both detect and remediate such threats.
  • Public sector respondents suggest improving investigative and remediation capabilities, as well as reducing barriers to sharing threat information between public and private sectors, as the top priorities for compliance with the Cybersecurity Executive Order.
    • Among SLED organizations, 86% are likely to adopt cybersecurity best practices and activities from the Cybersecurity Executive Order, including almost 100% of respondents from K-12 schools.
  • More than 75% of public sector respondents note their organizations rely on a formal or informal zero-trust approach.
    • A majority of public sector respondents are familiar with the principle of least privilege (PoLP), and 70% of respondents are either already implementing PoLP or will implement PoLP within the next 12 months.
  • The majority of public sector respondents realize the importance of IT security solutions and prioritize their investments highly in the next 12 months, with network security software (77%) being the top priority.
    • IT modernization investment priority leans toward replacing legacy applications (60%) and migrating systems to the cloud (60%).
    • When it comes to customer experience, IT services management (59%) holds investment priority. And for digital transformation, implementing stakeholder platforms and portals (57%) is key.

“Public sector organizations are increasingly concerned about the threats from foreign governments,” said Tim Brown, CISO and Vice President of Security, SolarWinds. “In looking at the survey data, it’s encouraging that a majority of the public sector is actively seeking to follow the roadmap outlined in the Administration’s Cybersecurity Executive Order, including enhanced data sharing between public and private sectors. This is a key pillar of the SolarWinds Secure by Design approach, which encourages government and industry to present a united front against criminals and foreign cyberactors.”

Supporting Quotes:

“Remote access is improving and will continue to be a priority.”

- Defense / Military

“The main difficulty is in finding and hiring qualified IT employees and then retaining them.”

- Federal Civilian

“If you and your customers are based in the United States, reshoring can help alleviate some of the supply chain unknowns. The looming question is how many supply chain unknowns will remain unknown?”

- Defense / Military

*In October 2021, independent market research firm Market Connections, Inc. surveyed 400 IT security professionals in U.S. federal civilian and defense agencies, state and local government, and education. The survey was conducted on behalf of SolarWinds. Full survey results are available upon request.

Additional Resources

Connect with SolarWinds





About SolarWinds

SolarWinds (NYSE:SWI) is a leading provider of simple, powerful, and secure IT management software. Our solutions give organizations worldwide—regardless of type, size, or complexity—the power to accelerate business transformation in today’s hybrid IT environments. We continuously engage with technology professionals—IT service and operations professionals, DevOps and SecOps professionals, and database administrators (DBAs) – to understand the challenges they face in maintaining high-performing and highly available IT infrastructures, applications, and environments. The insights we gain from them, in places like our THWACK community, allow us to address customers’ needs now, and in the future. Our focus on the user and commitment to excellence in end-to-end hybrid IT management has established SolarWinds as a worldwide leader in solutions for observability, IT service management, application performance, and database management. Learn more today at

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks of) their respective companies.

© 2022 SolarWinds Worldwide, LLC. All rights reserved.

Emily Brown
Phone: 1-703-287-7820

Jessica Primanzon
Phone: +1-301-672-5351

Source: SolarWinds Worldwide, LLC.