Manual data transfers are a weak point in national security
53% of UK and US government IT security leaders still rely on manual processes to transfer sensitive data. We’re in 2025, and organizations protecting some of the most critical information on the planet are still using manual tools like external drives and controlled copy procedures. It’s slow, error-prone, and unnecessary. For systems that demand trust, speed, and resilience, this shouldn’t be acceptable.
Security isn’t just firewalls and encryption; it’s how data moves. When a person is involved in the transmission process, when they copy files manually or use outdated physical media, the attack surface expands. Not because people are careless, but because manual steps create friction. Friction leads to delays, inconsistencies, and vulnerabilities. In cybersecurity, those gaps get exploited.
It’s also important to recognize that decision-making speed is now mission-critical. Data has to flow instantly across units, systems, and countries. Manual transfers can’t keep up with that tempo. They were built for a different time, before the rise of autonomous systems, AI-driven targeting, and global cyber operations. Now, speed is not optional. Agencies are trying to preserve security by slowing things down. That’s the wrong trade-off.
Executives should see this clearly: reducing reliance on manual methods is not a procedural fix, it’s a foundational shift. You build for scale; you automate for trust. Whether it’s across intelligence layers or coalition groups, the faster you can move trusted data securely, the stronger your decision advantage.
Cyberattacks are rising
In 2025, national security agencies in the US and UK faced an average of 137 cyberattacks per week. That’s up from 127 in 2024. In just one year, US agencies alone saw a 25% increase in weekly attacks. These are not speculative threats. These are real incidents hitting real systems with mission consequences.
The frequency isn’t just about volume. It’s about how fast threats mutate and adapt. We’re living in a world of AI-enhanced attacks, state-sponsored cyber units, and zero-day exploits hitting critical infrastructure. And most of these defensive systems weren’t built for that. Especially systems still running old frameworks or networks using inconsistent security models across classified and unclassified domains.
What matters here is response tempo. Agencies trying to manually approve or physically move information before acting are going to fall behind. Cyber operations are compressing time. Threat detection, containment, and response must operate almost as a single action now. That means you need more than situational awareness, you need response capability that’s built into the system.
This is where the gap grows, and it grows fast. The widening delta between attack velocity and defense mechanisms makes it very clear: traditional infrastructure won’t scale at the speed the threat does. Executives should be asking, “Is our architecture agile enough to respond in real time?” And if your systems can’t answer that themselves, then the answer is no.
Waiting is not neutral. Delay is vulnerability. Every week this isn’t fixed is another 137 strikes, and rising.
Outdated infrastructure is driving systemic risk
Right now, 78% of government IT leaders say outdated infrastructure is their number one cyber vulnerability. That’s not a perception problem, it’s a structural one. If you’re running national defense or critical infrastructure on ageing platforms, you’re handing operational leverage to adversaries.
Old systems operate under limitations. They were designed for much smaller data volumes, less complex networks, and lower expectations around speed. In today’s environment, modern threats don’t wait for systems to catch up. Legacy workflows, especially those that require analogue or manual steps, introduce gaps in visibility, consistency, and response speed. Those gaps become risks.
Nearly half of the surveyed leaders, 49%, also say their top challenge is maintaining data integrity when transferring information across classified or coalition networks. That problem compounds with outdated infrastructure. These systems are often siloed and were never meant to share data at scale, especially not across international or multi-agency environments.
From a leadership perspective, the message is simple: ignoring infrastructure is not an option. IT and cybersecurity systems must be treated as strategic assets, not back-office costs. You wouldn’t operate mission-critical programs on an unsupported operating system or unpatched device. Yet, without aggressive modernization, that’s essentially what’s happening.
Modern infrastructure provides more than performance, it enables secure interoperability. That’s what national resilience depends on now. Agencies need systems designed for scale, flexibility, and data trust. Anything less is a liability under current attack conditions.
Identity and access management is a core obstacle to mission readiness
45% of respondents in the Everfox survey flagged identity and authentication across domains as their largest obstacle to accessing mission-critical data securely. That should get your attention. This is core infrastructure, and it’s directly affecting operational efficiency and data flow.
As agencies increasingly work across multiple domains, classified, unclassified, coalition, cloud, the number of access points multiplies. So do the complexities. Each domain has its own model for identity proofing, authentication, and authorization. When not unified, it causes friction. Delayed access. Incompatible credentials. Misaligned permissions. That bottlenecks mission speed and introduces preventable security risks.
From an executive viewpoint, fragmented identity systems are double trouble: operationally inefficient and inherently risky. Many are still running decentralized identity stacks designed for single-domain operation. But cross-domain environments are now standard for defense and critical services. That creates a constant collision between access needs and access controls.
Fixing this isn’t about adding more identity gateways. It’s about designing an identity and access management strategy that’s cohesive and scalable across environments. That means adopting stronger interoperability protocols and investing in systems that support continuous authentication, not static credentials. When access is dynamic but identity is trusted, response times shrink, and mission tempo increases.
If your teams can’t authenticate across domains seamlessly, then they can’t access critical data reliably, and that puts decision cycles at risk. It’s a structural weakness that leaders must address and solve, not defer.
Perimeter-based security models no longer fit the threat landscape
The perimeter-based approach to security doesn’t work anymore. The idea that everything inside your network is trusted, and everything outside is not, is no longer useful when threats are already inside, and data is moving between multiple systems, agencies, and partners. We’re well past the point where traditional models can keep up with secure data exchanges in high-stakes environments.
What agencies need is an integrated security architecture, one that combines Zero Trust, Data-Centric Security, and Cross Domain Solutions. This isn’t theory. These models were developed to adapt with growing complexity, not just build walls around it. Zero Trust treats every access request as a potential threat, regardless of origin. Data-Centric Security ensures that protection travels with the data itself. Cross Domain Solutions enable secure data flow across systems with different classification levels, without manual slowdowns or inconsistent controls.
Speed, security, and interoperability are now directly connected. Disconnected systems, legacy protocols, and reactive cybersecurity policies slow things down and introduce risk. An integrated model does more than mitigate, it enables mission operations at the speed required. That’s what the threat environment demands.
Executives should understand the strategic advantage here. This is not about deploying more tools, it’s about alignment. Internally across your environments, and externally with allied partners. When the underlying model is cohesive and adaptive, your security posture becomes proactive, not reactive.
Cybersecurity modernization is no longer optional, it’s operationally critical
Modernization isn’t something to roadmap over five to ten years, it’s something to execute now. Agencies are already behind. Legacy systems and inconsistent cybersecurity strategies slow down data sharing, increase attack surfaces, and erode trust in mission-critical workflows. If your infrastructure can’t support real-time operations and trusted exchanges with partners, you’re not just inefficient. You’re vulnerable.
The Everfox report highlights what many already know but haven’t acted on, manual transfer methods and siloed security models are still too common. These outdated practices weaken interoperability and delay mission outcomes. Public-sector organizations are trying to modernize, but without system-wide consistency and integrated security foundations, they’re just shifting risk around.
Leadership must own this. You don’t modernize for looks; you do it to safeguard mission resilience. That means rebuilding infrastructure, automating secure data flows, and establishing a modern identity architecture that holds up under pressure. When threats evolve weekly, and we’re seeing 137 cyberattacks per agency per week, you can’t afford outdated systems or outdated thinking.
Operational readiness today depends on how fast, how securely, and how consistently you can share trusted data. If legacy processes become a limiting factor, then modernization isn’t an upgrade. It’s mission assurance. And it needs priority.
Key highlights
- Manual data exposure: Over half of UK and US agencies still rely on manual data transfers, creating operational delays and exploitable security gaps. Leaders should prioritize automation to reduce human error and strengthen data protection.
- Escalating cyber threats: Cyberattacks on national security agencies now average 137 weekly, with the US seeing a 25% increase. Executives must advance cyber readiness by investing in real-time threat detection and responsive infrastructure.
- Legacy system risk: 78% of leaders identify outdated infrastructure as a top vulnerability, directly impacting secure data handling. Accelerating system modernization is critical to maintaining operational security and speed.
- Identity management friction: 45% cite cross-domain authentication as a major challenge, hindering mission-critical data access. Agencies should standardize identity protocols to enable seamless, secure access across environments.
- Outdated security models: Perimeter-based defenses no longer suffice for today’s distributed threat landscape. Leaders should adopt integrated frameworks like Zero Trust, Data-Centric Security, and Cross Domain Solutions for adaptive, scalable protection.
- Urgency of modernization: Lagging infrastructure and inconsistent controls undermine mission resilience and partner interoperability. Executives should treat cybersecurity modernization as an operational mandate, not a long-term IT project.
