The study was conducted by LevelBlue, a private company that sells cybersecurity services, and it surveyed 200 public-sector tech leaders, highlighting a gap between the threats they face and their ability to respond. Twenty-nine percent of the group said they’d suffered a security breach in the past year, while 46 percent said they experienced a higher volume of attacks. Kory Daniels, global chief security and trust officer at LevelBlue, said the actual scale of cyber incidents may be larger because many organizations deal with breaches that never become public.
AI-driven attacks are also a major concern, with 45 percent of respondents saying they expect AI-enabled threats, while only 28 percent believe they’re prepared, the report notes. AI has broadened the attack surface, giving bad actors new ways to research targets and create more convincing phishing attempts, while at the same time expanding the number of entry points as agencies adopt new tools and technologies. Also, employees have more difficulty identifying things like AI-enhanced phishing attempts and business email compromise.
The report also highlights that disruptions happen within a complex digital environment, where 44 percent of agencies lack full visibility into the systems and partners they use. This supply chain risk remains an “Achilles heel” for many, with attackers often bypassing direct defenses by targeting trusted vendors and partners, Daniels said. The issue is also prompting more scrutiny at the leadership level, as executives seek to better understand how vendor disruptions impact government services.
So, what can be done to bolster cyber defense?
The report points to a need for stronger leadership engagement, better visibility into vendor ecosystems and ongoing workforce training. Daniels said that organizations need to strengthen security awareness and training as employees adopt artificial intelligence tools in ways that can blur the lines between personal and professional use. At the same time, agencies that are most confident in their resilience tend to have strong leadership alignment, with cybersecurity treated as a shared responsibility and supported at the executive level.
“Where we see organizations having the most success … are the ones who feel heard at the board level,” he said. “The CXO team with a direct line to leadership — these are the organizations that have tail winds for their cyber resilience programs.”
The findings are part of a broader cybersecurity survey conducted in 2025 across 14 countries and seven sectors. The majority of the responses from the U.S. public sector were from IT and security engineers and architects.
Across the U.S., cyber attacks in 2025 disrupted government operations at every level, from a ransomware incident in Nevada that shut down state offices and services for days to a prolonged attack in St. Paul, Minn., that forced systems offline and triggered a local emergency declaration.
