The cybersecurity posture of Mississippi state entities, including agencies, boards, commissions and universities, tends to be incredibly poor, the Office of the State Auditor (OSA) discovered during a recent audit. Out of the 125 entities included in the audit, a mere 53 had implemented a cybersecurity policy, while 11 entities lacked both a security policy and a disaster recovery plan. 22 entities had not carried out a security assessment in the last three years, even though they were legally required to perform at least one such assessment over this period.
Moreover, 54 of the entities failed to provide information to the OSA as part of the audit. State auditor Shad White explained that “many state agencies are operating as if they are not required to comply with cybersecurity law, and many refused to respond to auditors’ questions about their compliance.”
Read more: Mississippi Shows Flagrant Disregard for Cybersecurity