Federal Information Management Security Act: Annual Report to Congress

Citation
Office of Management and Budget, Federal Information Management Security Act: Annual Report to Congress {February 27, 2015) (full-text).

Overview
The number of actual cybersecurity incidents reported by federal agencies to the DHS decreased last year. Data show the total bulk number of incident reports sent by the largest 24 agencies to US-CERT going up by about 16% during FY2014 from the year before. But when two significant categories from that data set are removed &mdash; "non-cybersecurity incidents" and "other" &mdash; the number actually shows a decrease of about 6%.

Non-cybersecurity incidents involve the mishandling of personality identifiable information[[, but without a [[cybersecurity component, meaning the data breach likely occurred through a misplaced paper document. Incidents classified as "other" are things such as scans, blocked attempts at access and miscellaneous events. Reported incidents of actual serious cybersecurity issues, such as malware, suspicious network activity and improper usage, declined last year. Real threats that did increase in recorded number include social engineering, unauthorized access, and denial-of-service attacks.