The U.S. federal government relies on its supply chain of thousands of contractors and subcontractors to provide critical services, hold or maintain sensitive data, deliver technology and perform key functions. The number of contractors that have disclosed that they have been victims of data breaches resulting in the compromise of sensitive government information is increasing. Now more than ever, it is critical to understand and manage the cyber risk to the federal supply chain.
This BitSight Insights report explores the cybersecurity performance of U.S. federal contractors across several industries and how that compares to the performance of U.S. federal agencies. Some of the key findings of this report include:
- There is a gap in security performance between the U.S. federal government and its contractor base — the mean BitSight Security Rating for federal agencies was at least 15 points higher than the mean of any contractor sector.
- While the U.S. federal government has made a concerted effort to fight botnets recently, botnet infections are prevalent amongst the government supply chain, particularly for Healthcare/Wellness and Manufacturing contractors.
- Many contractors do not follow best practices for network encryption and email security — nearly 50% of contractors have a BitSight grade below C for the Protective Technology subcategory of the NIST Cybersecurity Framework.
Download this report to learn about the cybersecurity performance of the federal supply chain and recommendations for improving third-party risk management.