87% of US Defense Contractors Fail Basic Cybersecurity Requirements

80% lack a vulnerability management solution, while 79% lack a comprehensive multi-factor authentication system.

The United States might not be as prepared for a cyber-attack as we think: A large majority of US defense contractors don’t meet basic cybersecurity requirements.

Specifically, a full 87% don’t meet core regulation standards, as a survey of 300 contractors has recently found.

It’s a sign that the country’s protective services aren’t quite up to snuff, and that’s concerning for the health and safety of our infrastructure and private data. But what are the exact standards that our bevy of contractors failed at?

Just 13% Contractors Scored 70 or Higher

The security standard is called the Supplier Risk Performance System (SPRS) score, and it’s a requirement under the Defense Federal Acquisition Regulation Supplement (DFARS). The US passed that supplement back in 2017.

Contractors are supposed to reach a score of 110 for full compliance. However, they only have to hit a score of 70 to reach the bare minimum. And yet just 13% of them reached 70 or higher, while the rest failed to reach that mark, research commissioned by CyberSheath has found.

Some additional takeaways about the survey’s findings:

  • 80% lack a vulnerability management solution
  • 79% lack a comprehensive multi-factor authentication (MFA) system
  • 73% lack an endpoint detection and response (EDR) solution
  • 70% have not deployed security information and event management (SIEM)

Worse, the same survey found most contractors didn’t meet another standard, the Cybersecurity Maturity Model Certification (CMMC), which is a framework that the Department of Defense released in 2020 and must be pass by any company bidding for contracts.

A “Clear and Present Danger”

CyberShealth hasn’t held back about these findings, calling them “shocking” and a threat to national security.

“The report’s findings show a clear and present danger to our national security. We often hear about the dangers of supply chains that are susceptible to cyberattacks. The DIB is the Pentagon’s supply chain, and we see how woefully unprepared contractors are despite being in threat actors’ crosshairs.” – Eric Noonan, CEO of CyberSheath

We covered the government’s commitments to closing the cybersecurity skills gap back in July, but these new results don’t look promising. And these days, cybersecurity is more important than ever.

Ransomware attacks and security breaches are up in recent years, and even the best pros have neared their breaking points recently, with one report from June of this year finding that 45% of cybersecurity professionals have considered quitting their jobs over rampant ransomware attacks.

Staying Cyber-Secure

The good news is that we are seeing some positive change on the horizon in 2023, with spending on cybersecurity set to rise in the next year by 10% to 15%.

Better software solutions like password managers, VPNs, and remote access software can help businesses small and large tackle the problem.

For the government and its defense contractors, though, we’ll need more than just a VPN. The wheels of change turn slowly in government, sure, but this appears to be a case in which they could be turning a lot faster.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' was a 2024 Locus Awards finalist. When not working on his next art collection, he's tracking the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals