In this article, we’ll dive into why the public sector is a frequent target of cybercriminals and experiences data breaches. We’ll also cover the current landscape when it comes to public sector data breaches, and some steps that governments can take to protect their citizens, employees, and data.
When you think of targets of data breaches and identity theft, big corporations and healthcare organizations may come to mind. With a treasure trove of proprietary data, access to a large pool of financial resources, and valuable records, it’s no wonder that these types of organizations are frequently targeted. However, you might be surprised to know that the public sector is one of the top targets as well. In fact, a recent study found that state institutions and political systems were the target of over 50 percent of all cyberattacks. Many of these attacks result in data breaches, which can be incredibly expensive to recover from and may cause longer lasting damage. While the public sector is an attractive target for a variety of reasons, here’s the good news: there are also several steps that public sector agencies can take to protect their data and their employees.
Public sector data breaches by the numbers
From 2014 to 2023, the U.S. government has suffered almost 1,300 data breaches that affected over 200 million records. And these security breaches have incurred an eye-watering sum to recover from: an estimated $30.4 billion.
This trend of public sector data breaches shows no sign of slowing down, with 2023’s number of breached records surpassing 22 million, over four times the number of breached records in 2022. The average cost of a public sector data breach also increased by 12 percent in 2024, reaching $2.86 million. There have been several attacks on government agencies in the past decade that have resulted in data breaches, including:
The Congressional Budget Office in 2025
National Public Data in 2024
The SolarWinds attack in 2020, which impacted several government agencies
Why makes government agencies and institutions prime targets for data breaches?
While government agencies are targeted for many reasons, we’ll focus on the top three.
Government agencies store a wealth of information
As an essential aspect of our daily lives, the public sector has a wealth of information about its citizens. Whether it’s driver’s licenses, Social Security numbers, tax documents, or other critical information, public sector agencies store all sorts of sensitive information that is valuable to hackers and cybercriminals.
This type of information can not only be sold for a pretty penny, but it can also be used in identity theft schemes, making it even more valuable.
The public sector has access to highly confidential information
With detailed files on the country’s infrastructure, intelligence resources, proprietary engineering, and other valuable resources, the public sector is an irresistible target.
Not only is the public sector an enticing target for bad actors from foreign governments, but it’s also an attractive target for hackers who launch these attacks with the plan to eventually sell the confidential information they get their hands on.
Disruption to operations and economic damage
When hackers and bad actors succeed in breaching an agency’s data, they can cause significant disruption to the agency’s operations.
The recovery effort related to these data breaches also require significant funds. Although a single data breach may not break the bank, the impact of several data breaches can have a devastating accumulative effect. This effect can also be compounded when government employees decide to sue the agency they work for when their data is exposed in a breach.
3 key steps government agencies take to protect their employees
With so many cybercriminals looking to steal information and disrupt their operations, how can a public agency best protect their citizens, their employees, and their funds? There are also several regulations that government agencies must comply with, including the Federal Information Security Modernization Act and the Privacy Act of 1974.
Luckily, there are several steps they can take to help prevent data breaches and protect their employees and fellow citizens from identity theft, including:
Protect employee’s personal devices
With employees increasingly using their own devices for work-related tasks, providing employees with the resources they need to protect their personal devices is critical. In fact, recent studies found that almost half (44 percent) of employees use their personal phone for work and 32 percent use their own computer. And with 71 percent of employees storing sensitive work passwords on their personal devices, protecting these devices is more important than ever.
If hackers are successful in a phishing scheme or malware attack on these devices, they may gain access to the private data they need, such as log in credentials, to initiate a data breach.
Monitor the dark web for employee credentials—both personal and professional
The most insidious aspect of phishing or malware attacks is the fact that an employee may be a victim without even knowing it. Once an employee falls victim to a phishing scheme or malware attack, critical data like their login credentials can then be posted on the dark web for hackers to use in data breach attempts. And with 36 percent of employees reporting that they use the same passwords for both personal and work accounts, this can provide an easy way for hackers to gain access to work accounts or networks.
By proactively monitoring the dark web for employees’ personal and work credentials, public sector agencies can help prevent a data breach before it happens. When an employee is notified that their credentials have been exposed on the dark web, they can then go in and change their login or password, preventing a cybercriminal from using that information in a cyberattack and allowing them to further secure their accounts.
Identity theft restoration
When an employee experiences identity theft, it can be the beginning of a host of problems. If the employee doesn’t properly resolve the identity theft incident, they may experience repeated instances of identity theft in the coming years, which can negatively impact both the employee and their employer.
By offering an identity restoration benefit, employers can ensure that employees can effectively and efficiently resolve an identity theft incident and help prevent further issues.
Provide continued education on the latest phishing and malware schemes
To their credit, cybercriminals are endlessly creative. They’re coming up with new tactics, schemes, and methods every day, and even the most cautious employees can fall victim to their efforts. In fact, 68 percent of data breaches involve a non-malicious human element, such as falling victim to a social engineering attack.
By providing employees with frequent updates on the latest social engineering tactics and phishing schemes, they can recognize these attack methods more easily and stop an attack dead in its tracks.
Ready to equip your employees with a benefit that can help protect their identities and your agency’s data? Contact our sales team to learn more.
