Secure Data Movement Slows Zero Trust in U.S. Government
Survey of 500 security leaders finds 84% say cross-network data sharing raises cyber risk and 53% still move sensitive data manually, hindering Zero Trust in U.S. government and defense.
The Cyber360: Defending the Digital Battlespace report, published in 2026, is based on a survey of 500 security leaders in U.S. and U.K. government, defense and critical services. It found 84% of respondents said sharing sensitive data across networks raises cyber risk, and 53% reported they still move that data manually.
Respondents identified outdated infrastructure, analog systems and manual processes as common weak points. Seventy-eight percent cited outdated infrastructure as a primary source of vulnerability. Forty-nine percent named ensuring data integrity and preventing tampering in transit as their single biggest challenge when transferring information across classified or coalition networks; 45% identified managing identity and authentication across multiple domains as their top access issue.
The report recorded an average of 137 attempted or successful cyberattacks per week against national security organizations in 2025, up from 127 the previous year. U.S. agencies experienced a 25% weekly increase. Industry data showed third-party involvement in breaches roughly doubled to about 30% of incidents, and breaches that span multiple environments had an average reported loss of $5.05 million compared with about $4 million for on-premises-only incidents.
Survey respondents described the task of moving data across trust boundaries as a verification problem rather than a routing task. Data crossing from operational technology networks to enterprise IT, between partner tenants and cloud environments, or between classified and unclassified systems must be validated, filtered and checked against policy before downstream systems act on it.
Respondents and analysts noted that modern architectures and legacy controls can slow or block those checks. Teams often accept delays to preserve security, but respondents warned those delays can create gaps when mission decision cycles shorten to seconds or milliseconds and automated detection and response systems operate without waiting for manual gateway inspections.
Operational technology incidents and managed file transfer breaches were cited as examples. The report noted that a majority of OT attacks now start with IT breaches, and about 70% of OT systems are expected to connect to IT networks within the next year. Exploits against managed file transfer platforms affected thousands of organizations and exposed personal data for tens of millions of people.
Survey participants and analysts recommended layered architectures that combine Zero Trust controls, data-centric security and cross-domain solutions to enforce policy at boundaries and support near-real-time, policy-controlled data sharing across environments.
The report found that reliance on manual transfers and legacy systems corresponds with a gap between the speed of mission operations and the speed of security controls, a gap reflected in the survey’s statistics.
