Nearly a third of Mississippi state agencies do not meet cybersecurity assessment requirements, the state’s Office of the State Auditor warned in a recent report, saying the gaps leave critical operations at risk.
The auditor’s office said its analysts worked with the Mississippi Department of Information Technology Services to evaluate compliance with a statewide cybersecurity program that requires agencies to hire an outside firm to test systems for weaknesses.
That review revealed that 32 of the state’s agencies don’t test their cyber defense systems, a marked increase in the number of agencies not in compliance with cybersecurity requirements compared to a 2019 audit.
“Ensuring proper policies and procedures are in place is one of the most important measures a government office can take to ensure proper cybersecurity controls,” wrote officials. “The government creates, stores, and maintains a wealth of personally identifiable information like health, tax, and student data.”
“Continued noncompliance with the ESP exposes that data to increased risk from potentially vulnerable state computer systems,” officials added.
The lack of compliance comes as Mississippi has fallen victim to a series of recent cyberattacks in the past few years.
In July, an online meeting hosted by the Attorney General’s office was hacked, and a data breach in 2024 disrupted the Starkville-Okitbbeha Consolidated School District.
A 2023 ransomware attack on Hinds County also caused disruptions by preventing Mississippians from registering vehicles or completing real estate transactions, costing at least $600,000 to resolve, according to officials.
“Leaders of state agencies should engage with IT professionals to ensure their agency complies with state law,” audit officials recommended, adding that state leaders should also “continue to collaborate and share cybersecurity best practices for preventing security incidents.”