If you want to understand why government agencies keep cybersecurity analysts up at night, consider this: the FBI's 2024 Internet Crime Report recorded $16.6 billion in cybercrime losses across all sectors, a 33% increase over 2023. Government entities sit squarely in the crosshairs because they hold the most sensitive data imaginable, from critical infrastructure credentials to citizen records. State-sponsored actors add a layer of complexity that private-sector companies rarely face. The Cybersecurity and Infrastructure Security Agency (CISA) documented the threat posed by Volt Typhoon, a People's Republic of China state-sponsored group that specifically compromised IT environments across the Communications, Energy, Transportation, and Water sectors. For government agencies, a breach is not a billing headache; it can be a national security event.
TL;DR
- FBI IC3 recorded .6 billion in cybercrime losses in 2024, a 33% year-over-year increase.
- Volt Typhoon, a PRC state-sponsored group, actively compromised U.S. critical infrastructure across multiple sectors.
- Ransomware complaints rose 9% in 2024; phishing topped 193,407 IC3 complaints.
- CISA provides free vulnerability scanning and threat intelligence sharing for government agencies.
- Treating cybersecurity as a core operational function, not an IT expense, is the common thread among resilient agencies.
The threat landscape for government covers ransomware, phishing, and supply chain compromise in roughly equal and escalating measure. Ransomware complaints to the FBI's Internet Crime Complaint Center (IC3) rose 9% year over year, reaching 3,156 complaints in 2024. Public sector organizations are attractive targets because operational continuity is non-negotiable: a locked network at a water treatment facility or a transit authority is not simply an IT problem. Phishing remains the most reported crime type across all IC3 submissions, with 193,407 phishing and spoofing complaints in 2024 alone. Government staff are targeted because a single compromised credential can open doors to inter-agency systems, grants portals, and contractor networks that have their own downstream vulnerabilities.
CISA's 2024 Year in Review underscores both the scale of the challenge and the progress being made. The FBI has provided decryption keys to ransomware victims that helped them avoid more than $800 million in ransom payments since 2022, a meaningful win that shows coordinated defense works. For local and state government agencies without dedicated security operations centers, the practical focus should be phishing-resistant MFA, regular patch cadence, and network segmentation that keeps operational technology environments isolated from administrative systems. The organizations best positioned to weather this environment are those that treat cybersecurity not as an IT line item but as a core operational function, because adversaries certainly do.
Pro Tip: Join CISA's Free Cyber Hygiene Services
CISA offers free resources specifically for government entities, including the Cyber Hygiene Vulnerability Scanning service and access to the Automated Indicator Sharing (AIS) platform. Government agencies that enroll receive near-real-time threat intelligence that commercial organizations pay significant subscription fees for. Details are available directly from CISA at cisa.gov/cyber-hygiene-services.
Key Takeaways
- Scale of losses: FBI IC3 recorded $16.6 billion in cybercrime losses in 2024, a 33% year-over-year increase.
- State-sponsored threats are real: CISA documented Volt Typhoon actively targeting U.S. critical infrastructure across Communications, Energy, Transportation, and Water sectors.
- Ransomware is rising: IC3 received 3,156 ransomware complaints in 2024, up 9% from 2023.
- Phishing is the front door: With 193,407 complaints, phishing remains the most reported cybercrime and the most common entry point for government breaches.
- Free resources exist: CISA provides vulnerability scanning and threat intelligence sharing programs at no cost to government agencies.
Sources: FBI IC3 2024 Annual Report, CISA 2024 Year in Review, CyberScoop: 10 Key Numbers from the 2024 IC3 Report
