Several state agencies, boards, commissions and universities are allegedly failing to adhere to state cybersecurity laws, leaving Mississippians’ personal data vulnerable to hackers.

According to survey results published in a report from the Mississippi Office of State Auditor Shad White, many state entities are operating like state and federal cybersecurity laws do not apply to them, says the press release. As required by state law, the Auditor’s office sent a cybersecurity survey to 125 state agencies, boards, commissions and universities. Only 71 state entities responded to the survey, and several respondents did not complete it. This leaves the status of cybersecurity in more than 50 state entities completely unknown.

Among the government offices that replied to the survey, the report shows at least 11 do not have adequate written procedures to prevent or recover from a cyber attack. Another 22 respondents have not executed a third-party risk assessment. Having a third party test the vulnerability of an agency’s server is a requirement under state law, says the press release. Further, 38 percent of all respondents indicate sensitive information like health information, tax data and student information is not being encrypted to protect it from hackers.