New research commissioned by CyberSheath revealed that nine out of ten (87%) US defense contractors do not meet basic cybersecurity regulation requirements. The security firm conducted a survey of 300 Department of Defense contractors and found that a shockingly low number of respondents have the recommended level of security practices in place. Only 13% of respondents had a Supplier Risk Performance System score of 70 or above, way below the score of 110 that is required for full compliance.
According to the study authors, the defense contractors believed a score of 70 to be adequate. However, with recent attacks targeting the defense and critical infrastructure industries, the survey’s results are concerning to security experts. Defense contractors are required to comply with the Cybersecurity Maturity Model Certification framework and must prove their compliance when bidding for DoD contracts. However, the recent survey results seem to indicate that the contractors are not complying with the updated version of the framework, which is set to come into effect in May 2023 and modifies the original version released in January 2020.