A new report released the week of March 21 said that more than 60 percent of federal agencies responding to a survey have experienced a data breach, with nearly 20 percent suffering a breach in the last year.

The report by Vormetric, which was recently acquired by France’s Thales Group, said the 61 percent of agency information technology professionals responding that their organizations have suffered a data breach is higher than the United States average, which is 57 percent, and trails only the healthcare industry, which comes in at 63 percent.

“On the positive side, 58 percent of US fed responded ‘somewhat’ or ‘much’ higher, when asked about their overall spending intentions with respect to protecting sensitive data,” said the report, 2016 Vormetric Data Threat Report: Federal Government Edition. “The bad news is that was the lowest of all verticals, and well behind financial services at 69 percent.”

Forty-four percent of respondents identified skill shortages as the top barriers to better data security while 43 percent said budgets.

More than 75 percent of respondents said that the top external threats were cyber criminals with nation state actors coming in at 47 percent. Between those two sets of threat actors stand hacktivists and cyber terrorists, the report said.

As for insider risks, 65 percent of respondents believed privileged user accounts were the riskiest with 43 percent concerned contractor accounts were a greater concern.

The report also suggested that federal IT security professionals were thinking back versus forward in terms of defending their networks.

“As an example, spending intentions reflected a tendency to stick with what has worked in the past, such as network and endpoint security technologies that offer little help in defending against multi-stage attacks,” Garrett Bekker, a senior analyst for information security at 451 Research, which helped Vormetric with the study, said in a statement. “Clearly, there’s still a big disconnect between what we are spending most of our security budget on and what’s needed to ensure that our sensitive data remains secure.”

The study says the top spending categories among federal respondents for the next year are network defenses, 53 percent, followed by analysis and correlation tools at 46 percent.