Mississippi government institutions by and large are failing to comply with standard cybersecurity practices – only 71 of 125 state agencies, boards, commissions, and universities responded to a survey by the Office of the State Auditor (OSA) and only 53 of those have an articulated cybersecurity policy in place.

At least 11 of those surveyed don’t have adequate plans in place to prevent or recover from a cyberattack, the audit found, and more than of the respondents are less than 75 percent compliant with the state’s cybersecurity laws.

“This survey represents some excellent but alarming work by the data services division in the auditor’s office,” Mississippi State Auditor Shad White said in a statement. “October is cyber security awareness month, and we should start this month by acknowledging the very real weaknesses in our state government system.”

Noting that he had personally “seen screenshots of other states’ private data on the dark web,” White warned against “Mississippians’ personal information leaking out in the same way” and contended “the time to act to prevent hacking is now.”

The report urged heads of agencies to press their IT pros to ensure compliance and plan out how to prevent breaches.

“Sadly, most of the governmental agencies in the U.S. and Europe are similarly underprotected,” said Ilia Kolochenko, founder and CEO of ImmuniWeb. “The government usually lacks financial resources and is unable to effectively compete on the market for cybersecurity talents.”

Agencies are often thwarted by complicated and slow purchasing and procurement processes. “Hierarchy is likewise complicated, obscuring accountability and responsibility for cybersecurity,” he said. “Cybercriminals widely regard government as a low-hanging fruit, running targeted attacks and ransomware campaigns against it.”

Most attacks involving data theft “are sophisticated enough to never get detected and reported, differently from quite ‘noisy’ ransomware incidents,” Kolochenko said.