Most federal government respondents to a recent data threat survey believe their data is secure but the same survey participants report that nearly one-third said they had been breached within the past year and little more than half have been breached at some time in their history, according to a new report.

Federal agencies are increasingly moving their data to the cloud and 68 percent of respondents say that are in the midst of digitally transforming their organizations, says the report, which was sponsored by Thales.

Digital transformation brings value but also creates a more complex security environment for data, the report says. It says that 54 percent of U.S. government data is stored in the cloud and 51 percent of that data is sensitive. Moreover, most agencies are using multi-cloud solutions, the report says.

“All of this adds up to today’s data environments becoming increasingly complex,” says the federal edition of the 2020 Thales Data Threat Report. “This complexity and its impact on performance and processes are top barriers to data security.”

In the past year, 29 percent of respondents reported their agencies had failed compliance audits, the report says.

The data security environment is likely to become even more complex in the future with the introduction of quantum computing, the report says, noting that 78 percent of respondents expect quantum cryptography to affect their organization within five years. It says quantum computing could help threat actors get past network defenses.

The report says 34 percent of respondents are focusing on data security, which only averages about 17 percent of their overall information technology security budget. It adds that 56 percent of federal agencies are planning to increase their spending on data security in the next year, a similar amount as last year.

The report says most agencies aren’t living up to their share of responsibilities when it comes to data security in the cloud.

“And when it comes to security data in the cloud, most government organizations incorrectly look to their cloud providers to implement data security measures for the portion of the shared responsibility model that is owned by the government organizations themselves,” it says.

Not all agencies are created equal when it comes to cyber security.

The Departments of Defense, Energy and Homeland Security typically have enough funding for cyber security but “Other agencies can find themselves challenged,” the report says, highlighting that smaller agencies need help to address security challenges related to their digital transformations.