JACKSON, Miss. – Nearly one-third of Mississippi state agencies have failed to meet legal requirements for cybersecurity assessments, leaving critical government data and operations vulnerable to cyberattacks, according to a new report from the Office of the State Auditor.
The audit, conducted by the State Auditor’s Office in conjunction with the Mississippi Department of Information Technology Services (ITS), found that a significant number of state entities have not complied with a state law requiring a comprehensive, third-party cybersecurity assessment, often called a “penetration test.”
State Auditor Shad White emphasized the severe risks of non-compliance.
“Part of our role in my office according to state regulations is to report on whether agencies have followed the steps to protect themselves from hackers,” Auditor White said. “This report should be a loud warning bell to state officials.”
The required assessment involves hiring an outside firm to actively test an agency’s systems for exploitable weaknesses, a vital step in preventing data breaches and ransomware attacks. Failing to conduct these tests exposes sensitive citizen information and government operations to unnecessary risk.
History of Cyber Incidents
The report highlighted recent instances of cybercrime targeting Mississippi government entities:
Hinds County Ransomware (2023): A ransomware attack on Hinds County government services disrupted vehicle registration and real estate transactions, costing taxpayers an estimated $600,000 to resolve.
School District Data Breach (2024): A data breach disrupted the Starkville-Oktibbeha Consolidated School District.
Hacked Council Meeting (2025): An online meeting of the Mississippi Opioid Settlement Fund Advisory Council, hosted by the Attorney General’s office, was compromised in July 2025.
The Auditor’s Office strongly recommends that all non-compliant state agencies immediately engage IT professionals to ensure they are following state law to protect Mississippians’ personal data and taxpayer funds.
The complete cybersecurity compliance report is available on the Auditor’s website under the “Reports” section.
Bob Bakken provides content for DeSoto County News and its social media channels. He is an award-winning broadcaster, along with being a reporter and photographer, and has done sports media relations work with junior and minor league hockey teams. Along with his reports on this website, you will find this veteran media member providing sports updates and high school football play-by-play on Rebel 95.3 FM Radio.
