Year: 2018

31 May 2018

Nigeria’s Piggybank.ng raises $1.1M, announces group investment product

Seeking to tap into Africa’s informal savings groups, the Nigerian investment startup Piggybank.ng closed $1.1M in seed funding and announced a new product — Smart Target, which offers a more secure and higher return option for Esusu or Ajo group savings clubs common across West Africa.

The financing was led with a $1 million commitment from LeadPath Nigeria, with Village Capital and Ventures Platform contributing $50,000 each.

Founded in 2016, Piggybank.ng offers online savings plans — primarily to low and middle income Nigerians — for deposits of small amounts on a daily, weekly, monthly, or annual basis. There are no upfront fees.

Savers earn interest rates of between 6 and 10 percent, depending on the type and duration of investment, Piggybank.ng’s Somto Ifezue told TechCrunch in Lagos with co-founders Odunayo Eweniyi and Joshua Chibueze.

Users need an account with one of PiggyBank.ng’s bank partners to use the products. The startup generates returns for small-scale savers (primarily) through investment in Nigerian government securities, such as bonds and treasury bills.

PiggyBank.ng generates revenue through asset management and from the float its balances generate at partner banks.

The startup looks to grow clients across younger Nigerians and the country’s informal saving groups.

“The market that we are trying to serve is largely the millennial market, though we do not exclude anyone,” said Eweniyi, the company’s chief operating officer. The venture also looks to meet a demand in Nigeria for accessible investment options, citing a survey they conducted indicating that as a top priority for people with discretionary income.

“Piggybank offers savings, but our vision is not just savings, but to become a holistic platform — a financial warehouse — where other financial providers can plug in their services for PiggyBank users,” said Eweniyi. She cited banks, investment houses, insurance, and pension funds as possible partners.

The company currently has 53,000 registered users — 60 percent of whom are Nigerian Millennials — who have saved in excess of $5M since 2016, according to a release.

PiggyBank.ng will use its $1.1M in new seed funding for “license acquisition and product development.”

The startup has taken preliminary steps to launch in other African countries (Kenya in particular) but could not offer exact details.

Groups will be able to choose savings options and goals through PiggyBank.ng’s app and receive automated disbursement of returns across their individual bank accounts, according to COO Eweniyi.

As for how the company assures savers it won’t become another Ponzi scheme, Piggybank.ng and its lead investor point to the startup’s pending banking license with Nigeria’s Central Bank. The company is in the process of acquiring a micro-finance banking license, something LeadPath Nigeria founder Olumide Soyombo confirmed on a call with TechCrunch. He also pointed to Piggybank’s client balances being held with registered banks, which are protected under Nigeria’s own FDIC type banking insurance.

Soyombo will take a role on Piggybank.ng’s board and he’d like to see them open up new options for individuals to input money on the platform. “The agent network business is a huge play we plan to go into. They’ve basically become like human ATMs,” Soyombo said. He referenced Nigerian digital payment company Paga and Safaricom’s M-Pesa with large agent network stations where clients can fund digital accounts with cash.

While digital payments products have caught on in certain parts of Africa, E-Trade type citizen investment platforms have yet to emerge at any scale.

Soyombo doesn’t see Piggybank.ng moving from fixed income investments to equities just yet. “Maybe down the line stocks could be an interesting play, but not right now. People are currently looking for a more risk free place to e-tail,” he said.

Soyombo believes Piggybank.ng has the potential to become an acquisition target.

“They usually only happen in our market with two main players: banks and telcos,” he said. “The banks have been slow to try new things in this savings space. Piggybank is coming in…and filling a particular need, so they are in a very acquisitive space.”

31 May 2018

Google launches a Q&A app for neighborhood communities in India

Google is increasing its focus on India after it released a new social app that’s aimed at building neighborhood communities within cities in the country.

The company’s ‘Next Billion’ team in charge of emerging markets has dedicated significant resources to India. Its initiatives include data-friendly versions of YouTube and other popular services, its Tez mobile payment app, a food delivery service and a national WiFi network initiative. Now it is adding one more to the list with the release of Neighbourly, a Q&A app for sharing local knowledge.

The basic goal is to give local communities an outlet to seek answers to practical questions about local life, routine and more. Google believes that an increase in urban migration, short-term leasing and busy lives has changed the dynamic of local communities and made it harder to share information quite so easily.

“Life happens close to home, in the order of a 1-2km radius, and local questions come up all the time. But as cities get bigger and bigger, we’re finding that these local questions are getting hard to use — word of mouth used to be key,” Josh Woodward, a product manager within the Next Billion initiative, explained to TechCrunch.

“We built neighborly as a way to connect you with your neighborhood, ask questions, share expertise and stay up to date in a safe way,” he added.

This idea is nothing new, of course. Already in India, WhatsApp — which counts 200 million users in the country — has a range of community groups, but the big issue is discovery since new users have to be added to the group directly.

The new Google app is much like Jelly, the question and answer service from Twitter co-founder Biz Stone that was ultimately bought by Pinterest, but with localized tweaks. A beta version of the app is initially available in Mumbai, but users located in other areas can join a waitlist pending expansion.

Questions and answers are handled via swipeable cards — who knew Tinder’s design would reach neighborhood community apps in India — while the app uses GPS to add a user into their neighborhood right from sign-up.

Woodward said Google is employing ranking and personalization technology which, over time, will match users with the kind of questions they can answer or have shown an interest in. For now, the service is app-based with a read-only mobile web version.

Google’s local tweaks to make the app easy to use include voice-based entry for questions, which covers a range of India’s non-English languages, and a series of prompts that pop up when a user decides to post a question to help them start.

The company has looked at safety issues, and made it easy to flag content which is unsuitable. Once flagged, Woodward confirmed the content is passed to a local content moderator who assesses whether it is “neighborly.”

In terms of safety, users sign up using a first name only, there is no private messaging or phone number requirement, and individual profile photos cannot be copied via screenshot and don’t expand when clicked to prevent being stolen. That taps into concern women have about their photos being abused, an issue that Facebook has taken measures against in India, too.

In fact, at sign-up, Google asks users to agree to a ‘contract’ — “I will respect my neighbors” — before letting them into the app. But still, you’d imagine that the laws of the internet will mean that some people will misuse the service.

Profile pages do, however, display badges earned by answering questions — both an incentive and a display of trust, according to Woodward — while users can follow, and be followed, to keep up with certain users and their content.

Google tested the app on thousands of users over a period of about a month to get the mechanics right. Woodward said that 30-50 percent of questions were answered within five minutes, which bodes well but discovery looks like being the key issue. That was ultimately the downfall of Jelly, albeit that both apps serve very different audiences and purposes.

Further down the line, Woodward said that Google could add business accounts and integrate other Google services into Neighbourly, but for now the sink-or-swim challenge is to make an impact.

The launch of Neighbourly comes the same day that Google launched Files Go in China. In doing so, the search giant gave a glimpse at its new strategy for China, which involves opportunistic product launches, relationships and strategic investments.

31 May 2018

Australians will no longer be able to order from Amazon’s American site

Starting in July, Australians will be blocked from ordering items on Amazon’s United States site. The company said today that shoppers in Australia will be redirected to its local site, Amazon.com.au, and that its international sites, including Amazon.com, will no longer ship to Australian addresses. The change is in response to a new tax regulation that goes into effect on July 1 and requires businesses earning more than $75,000 AUD a year to charge Australia’s 10% Goods and Services Tax (GST) on low value items imported by consumers.

Called the “Amazon tax,” the new policy was introduced following concerns about the impact of Amazon and other large overseas e-commerce businesses on Australian retailers, who have to apply GST to all products they sell. A loophole in tax regulations, however, means that the GST is currently applied only to items purchased from overseas retailers if they are worth $1,000 AUD or more, which many local companies argued gave Amazon, eBay and other overseas competitors an unfair advantage.

Amazon launched its Australian site last December and says it currently has 60 million products, a fraction of the estimated 500 million products that are listed on Amazon’s U.S. site. As a placation, Australian customers will also have access to 4 million products that were previously available only on Amazon.com through its new Global Store.

In a statement emailed to TechCrunch, an Amazon spokesperson said:

“As a result of changes to Australian GST law on 1 July, international shopping options for Australian customers will change.

While we regret any inconvenience this may cause customers, we have had to assess the workability of the legislation as a global business with multiple international sites. Based on our assessment, we will redirect Australian customers from our international sites to amazon.com.au where they can shop for products sold by Amazon US on the new Global Store, available today. This will allow us to provide our customers with continued access to international selection and remain compliant with the law which requires us to collect and remit GST on products sold on Amazon sites that are shipped from overseas.”

31 May 2018

Uber is looking at adding benefits and insurance for drivers

At the Code Conference tonight, Uber CEO Dara Khosrowshahi spoke about the company’s relationship with drivers, autonomous driving, uberEATS having a $6 billion bookings run rate, taking over as CEO and flying taxis, obviously.

Just this week, San Francisco City Attorney Dennis Herrera sent subpoenas to Uber and Lyft seeking information on driver pay, benefits and classification info. Uber wasn’t available for comment at the time, but now it seems that the company is looking at ways to offer benefits and insurance to drivers. Specifically, Uber is looking at an economically-sound way to offer drivers a benefits and insurance package so that “this can be a safer way of living,” Khosrowshahi said.

And despite what former Uber CEO Travis Kalanick said in the past about needing to get rid of the driver, Khosrowshahi said he disagrees.

“The face of Uber is the person sitting in the front seat,” Khosrowshahi said. He added that it usually is a man driving, but that he would “love to have more women sitting in the front seat” because it’s a “great form of employment.”

Still, Uber is moving ahead with autonomous driving. That’s in light of the fatal car accident in Tempe, Arizona involving one of Uber’s autonomous vehicles.

“We will get back on the road over the summer,” Khosrowshahi said.

Uber also envisions licensing its technology — once it’s safe enough — to third-parties and original equipment manufacturers (OEMs). Despite the high-profile lawsuit between Uber and Waymo over self-driving car technology, Khosrowshahi said he’d welcome Waymo to put its cars into its network. Regarding Uber’s relationship with Waymo, Khosrowshahi said it’s “getting better.”

In addition to Uber’s core driver business and autonomous driving, it has several other things going on for it. One of those is uberEATS, which Khosrowshahi said has a $6 billion run rate, is growing 200 percent and is the biggest food delivery company in the world, with the exception of those in China.

Uber also recently acquired JUMP Bikes for about $200 million, launched UberRENT, announced a public transportation partnership with Masabi and is working on flying cars via its Elevate program.

Just like residential and buildings have gone three-dimensional, Khosrowshahi said, “you’re going to have to build a third-dimension in terms of transportation.”

For Uber, Elevate is its “big bet” on that third-dimension of transportation, he said. The big plan with all of these modes of transportation — whether that’s bike-sharing, ride-sharing, flight-sharing or whatnot — is to become a multi-modal transportation service.

“We want to be the Amazon for transportation,” Khosrowshahi said.

Earlier in the conversation, Khosrowshahi shed some light on how he had no idea he’d get the chief executive officer job at Uber. In fact, he said that while his wife thought he would get the job, he wasn’t as optimistic.

He also spoke about his relationship with Kalanick and how, early on, Khosrowshahi asked for space and Kalanick respected that.

“I consult with him the way I consult with the board,” Khosrowshahi said.

Moving forward, Khosrowshahi still has his eyes set on the second half of 2019 to go public.

“We’re on track,” he said.

31 May 2018

China’s SenseTime, the world’s highest-valued AI startup, closes $620M follow-on round

SenseTime, the world’s highest-valued AI company with a valuation of over $4.5 billion, is back in the money again.

The company raised $600 million in an Alibaba-led financing round announced last month, and now it has added a further $620 million to that with a “Series C+” round announced today.

Alibaba led the previous deal, and this time around the investors include more traditional names such as Fidelity International, Hopu Capital, Silver Lake and Tiger Global. Qualcomm, which previously backed the firm, was also in this round, SenseTime confirmed.

The new money takes SenseTime to $1.6 billion from investors to date. The valuation has remained “over” $4.5 billion across both of these recent rounds, according to the company. It was previously valued at $1.5 billion when it raised a $410 million Series B last year.

Alibaba said at the time of its investment last month that it had become the largest-single investor in SenseTime. Given this fresh injection, it isn’t clear whether that has changed. A SenseTime spokesperson told TechCrunch that “Alibaba and other lead investors have similar status.”

SenseTime said it has more than 400 customers across a range of verticals including fintech, automotive, smartphones, smart city development and more that include Honda, Nvidia, China’s UnionPay, Weibo, China Merchants Bank, Huawei, Oppo, Vivo and Xiaomi.

Perhaps its most visible partner is the Chinese government, which uses its systems for its national surveillance system. SenseTime processes data captured by China’s 170 million CCTV cameras and newer systems which include smart glasses worn by police officers on the street.

China has placed vast emphasis on tech development, with AI one of its key flagposts.

A government program aims to make the country the world leader in AI technology by 2030, the New York Times reported, by which time it is estimated that the industry could be worth some $150 billion per year. SenseTime’s continued development feeds directly into that ambition.

SenseTime has been busy extending its presence lately. It became the first company to join the MIT Intelligence Quest and, alongside Alibaba, it is launching an AI lab in Hong Kong. The firm said, too, it has formulated an AI textbook for secondary students in China which will make its way to 40 schools soon.

31 May 2018

Google brings its FilesGo Android device management app to China

Google has continued its slow and steady China strategy after it launched Files Go, a files management service for Android devices. The app launched to global markets last year but today it landed in China via four third-party app stores.

Named ‘Google 文件极客’ in China, the app helps users keep within the storage limits of their device by suggesting files to delete if they need to free up space. It also includes features for finding files and sharing them to local devices without an internet connection. Like a solid internet connection, keeping enough free space on a device is critical to it running efficiently and quickly, which is what Files Go aims to help with.

Files Go was designed for India, where budget Android phones are mainstream, but interest in the app was so widespread that it was later launched worldwide. Indeed, the U.S. is now the third-largest market for the app, Josh Woodward, a product manager within Google’s ‘Next Billion’ team, told TechCrunch in an interview.

Given that global demand, bringing the app to China, where Google is testing out new strategies, makes plenty of sense. The launch also allows Google to work with third-party app stores for distribution since the Google Play Store is banned in China. It selected Tencent, Xiaomi, Huawei and Baidu and the experience is sure to help Google figure out the lay of the land.

Google’s services remain banned in the country, but this is the third product launch it has made in China following the return of Google Translate last year and this week’s launch of ARCore.

31 May 2018

Google is quietly formulating a new strategy for China

Google is slowly piecing together a strategy for China to ensure that it doesn’t miss out on the growth of technology in the world’s largest country. It’s been months in the making through a series of gradual plays, but further evidence of those plans comes today via a product launch.

Files Go, a file manager for Android devices released last year, has made its way to China today. Not a huge launch, for sure, but the mechanisms behind it provide insight into how Google may be thinking about the country, where it has been absent since 2010 after redirecting its Chinese search service to Hong Kong in the face of government pressure.

For Files Go, Google is taking a partner-led approach to distribution because the Google Play Store does not operate in China. The company is working with Tencent, Huawei, Xiaomi and Baidu, each of which will stock the app in their independent app stores, which are among the country’s most prominent third-party stores.

Let that sink in a little: the creator of Android is using third-party Android app stores to distribute one of its products.

On the outside that’s quite the scenario, but in China it makes perfect sense.

There’s been regular media speculation in recent about Google’s desire to return to China which, during its absence, has become the largest single market for smartphone users, and the country with the most app downloads and highest app revenue per year. Mostly the rumors have centered around audacious strategies such as the return of the Google Play Store or the restoration of Google’s Chinese search business, both of which would mean complying with demands from the Chinese government.

Then there’s the politics. The U.S. and China are currently in an ongoing trade standoff that has spilled into tech, impacting deals, while Chinese premier Xi Jinping has taken a protectionist approach to promoting local business and industries, in particular AI. Xi’s more controversial policies, including the banning of VPNs, have put heat on Apple, which stands accused of colluding with authorities and preventing free speech in China.

Political tension between the U.S. and China is affecting tech companies. [Photographer: Qilai Shen/Bloomberg via Getty Images]

Even when you remove the political issues, a full return is a tough challenge. Google would be starting businesses almost from scratch in a highly competitive market where it has little brand recognition.

It’s hardly surprising, then, that it hasn’t made big moves… yet at least.

Instead, it appears that the company is exploring more nimble approaches. There have been opportunistic product launches using established platforms, and generally Google seems intent on building relationships and growing a local presence that allows its global business to tap into the talent and technology that China offers.

Files Go is the latest example, but already we’ve seen Google relaunch its Translate app in 2017 and more recently it brought its ARCore technology for augmented and virtual reality to China using partners, which include Xiaomi and Huawei.

Bouquets of flowers lie on the Google logo outside the company’s China head office in Beijing on March 23, 2010 after the US web giant said it would no longer filter results and was redirecting mainland Chinese users to an uncensored site in Hong Kong — effectively closing down the mainland site. Google’s decision to effectively shut down its Chinese-language search engine is likely to stunt the development of the Internet in China and isolate local web users, analysts say. (Photo credit: xin/AFP/Getty Images)

Beyond products, Google is cultivating relationships, too.

It inked a wide-ranging patent deal with Tencent, China’s $500 billion tech giant which operates WeChat and more, and has made strategic investments to back AI startup XtalPi (alongside Tencent), live-streaming platform Chushou, and AI and hardware company Mobvoi. There have been events, too, including AlphaGo’s three-game battle with Chinese grandmaster Ke Jie in Wuzhen, developer events in China and the forthcoming first Google Asia Demo Day, which takes place in Shanghai in September.

In addition to making friends in the right places, Google is also increasing its own presence on Chinese soil. The company opened an AI lab in Beijing to help access China-based talent, while it also unveiled a more modest presence in Shenzhen, China’s hardware capital, where it has a serviced office for staff. That hardware move ties into Google’s acquisition of a chunk of HTC’s smartphone division for $1.1 billion.

The strategy is no doubt in its early days, so now is a good time to keep a keen eye on Google’s moves in this part of the world.

31 May 2018

Cowboy Ventures’ Aileen Lee says enough with favoring the ‘good guys’

Diversity and inclusion is a trash fire in Silicon Valley and in the business world at large. But let’s just focus on tech for now. At the Code Conference this evening, All Raise and Cowboy Ventures Partner Aileen Lee, shift7 CEO Megan Smith and Stubhub President Sukhinder Singh Cassidy talked about the state of diversity and inclusion in tech. Lee kicked things off with how the idea and statement that someone is such a “good guy” bothers her.

Oftentimes, she said, that’s the qualification for how many of these men get the opportunity to invest in companies or work at certain companies. Meanwhile, if someone suggests a woman or person of color, Lee said, the questions are totally different and focused on qualifications.

“Good guys have hired and funded good guys,” Lee said.

Moving forward, “we need to systematically map out our industry and business processes and try to take the biases out of them,” Lee said. She added, “people have not been given a fair shot and we need to kind of re-engineer our business.”

“Last year it was like every month there was a new story where you just could no longer ignore it,” Lee said. “We have a lot of work to do but I’m pretty optimistic.”

She pointed to how she’s sat at a board meeting where the male CEO pointed out, unprompted, that he sees the company is all male and is at risk of becoming a company no one would want to work for.

The panel also touched on the importance of diversity at the board level and some backlash. For example, some firms have suggested men don’t have one-on-one meetings with women. But Lee says, “we’re definitely not going to solve this problem by men saying they’re afraid to meet with women.”

Toward the end of the panel, Smith pointed out that “the people who are most left out are women of color.”

While there were women of color on stage at the Code Conference this week, Smith’s assertion was especially notable given the absence of black men and women.

30 May 2018

Is Apple ready to take on Netflix?

This super creepy Tom Waits number pops into my head every time I read about another Apple content acquisition. For a billion-dollar project from one of the world’s biggest companies, the company’s upcoming streaming service is shaping up to be a strange collection of original content. 

Of course, I’m not really sure what I expected after Apple unleashed Carpool Karaoke and Planet of the Apps on the world. Neither were the kind of thing that imbues you with confidence in a company’s programming choices.

I wrote a review of sorts of the former here, but was willing to give the show the benefit of the doubt that it just wasn’t for me, like cilantro, cats or late-era Radiohead. But clearly I wasn’t alone on this one. And Planet of the Apps — the less said about that one the better, probably. Neither particularly jibes with Eddy Cue’s whole, “We’re not after quantity, we’re after quality” spiel.

Announcements have picked up considerably, even in the few months following that appearance at SXSW, but Apple’s got a lot of catching up to do against content juggernauts like Netflix, Hulu and even Amazon. Of course, the company’s got a long, proud history of showing up a bit late to the party and still blowing the competition out of the water in the hardware space.

And while Apple Music is still far from overtaking Spotify, the music streaming service has been adding subscribers at a steady clip, courtesy of, among other things, being built directly into the company’s software offerings — a fringe benefit that Apple’s eventual video streaming service will no doubt share. It’s true, of course, that users are more likely to subscribe to multiple video streaming services than music ones, but the company’s going to have to offer more than ecosystem accessibility. At this point, however, it’s hard not to side with Fox CEO James Murdoch’s comments on the matter from earlier today.

“Going piece by piece, one by one, show by show, etc., is gonna take a long time to really move the dial and having something mega,” the exec told a crowd at the Code Conference. “I do think that’s gonna be very challenging.”

And this first round of programming is a bit of a mixed bag. Among the current crop of offerings, Amazing Stories feels like close to a slam dunk, because if the combination of Spielberg and nostalgia can make Ready Player One a box office success story, then, well, surely it can work on anything, right?

Perhaps it’s the dribs and drabs with which the company has been revealing its content play over a matter of months. When Apple wanted to launch a streaming music service, the company went ahead and bought Beats in 2014. Sure, the headphone business was a nice bonus, but it was pretty clear from the outset that Beats Music was the real meat of that deal. A year later, Apple Music was unleashed on the world. 

The latest rumors have the company’s video streaming service “launching as early as March 2019.” That gives the company a little less than a year to really wow us with original content announcements, if it really wants to hit the ground running — assuming, of course, that many or most of the titles are already in production.

More likely, the company will ultimately ease into it. Apple Music, after all, didn’t exactly light the world on fire at launch, and Apple’s got no shortage of revenue streams at the moment, so it certainly won’t go bust if its billion-dollar investment fails to pay off overnight. But the competition is fierce for this one, extending beyond obvious competitors like Netflix and Hulu to longstanding networks like HBO, which are all vying to lock you in to monthly fees.

This battle won’t be easily won. The company has been mostly tight-lipped in all of this (as is its custom), but success is going to take a long-term commitment, with the understanding that it will most likely require a long runway to reap its own investment.

That projected $4 billion annual investment looks like a good place to start, but with Netflix planning to spend double that amount this year and Amazon potentially on target to pass it, Apple’s in for a bloody and expensive fight. 

30 May 2018

Government investigation finds federal agencies failing at cybersecurity basics

The Office of Management and Budget reports that the federal government is a shambles — cybersecurity-wise, anyway. Finding little situational awareness, few standard processes for reporting or managing attacks, and almost no agencies adequately performing even basic encryption, the OMB concluded that “the current situation is untenable.”

All told, nearly three quarters of federal agencies have cybersecurity programs that qualified as either “at risk” (significant gaps in security) or “high risk” (fundamental processes not in place).

The report, which you can read here, lists four major findings, each with its own pitiful statistics and recommendations that occasionally amount to a complete about-face or overhaul of existing policies.

1. “Agencies do not understand and do not have the resources to combat the current threat environment.”

The simple truth and perhaps origin of all these problems is that the federal government is a slow-moving beast that can’t keep up with the nimble threat of state-sponsored hackers and the rapid pace of technology. The simplest indicator of this problem is perhaps this: of the 30,899 (!) known successful compromises of federal systems in FY 2016, 11,802 of them never even had their threat vector identified.

38 percent of attacks had no identified method or attacker.
So for 38 percent of successful attacks, they don’t have a clue who did it or how!

This lack of situational awareness means that even if they have budgets in the billions, these agencies don’t have the capability to deploy them effectively.

While cyber spending increases year-over-year, OMB found that agencies are not effectively using available information, such as threat intelligence, incident data, and network traffic flow data to determine the extent that assets are at risk, or inform how they prioritize resource allocations.

To this end, the OMB will be working with agencies on a threat-based budget model, looking at what is actually possible to affect the agency, what is in place to prevent it, and what specifically needs to be improved.

2. “Agencies do not have standardized cybersecurity processes and IT capabilities.”

There’s immense variety in the tasks and capabilities of our many federal agencies, but you would think that some basics would have been established along the lines of best practices for reporting, standard security measures to lock down secure systems, and so on. Nope!

For example, one agency lists no fewer than 62 separately managed email services in its environment, making it virtually impossible to track and inspect inbound and outbound communications across the agency.

51 percent of agencies can’t detect or whitelist software running on their systems
Only half of the agencies the OMB looked at said they have the ability to detect and whitelist software running on their systems. Now, while it may only be needed on a case by case basis for IT to manage users’ apps and watch for troubling processes, well, the capability should at least be there!

When something happens, things are little better: 59 percent of agencies have some kind of standard process for communicating cyber-threats to their users. So, for example, if one of their 62 email systems has been compromised, the agency as likely as not has no good way to notify everyone about it.

And only 30 percent have “predictable, enterprise-wide incident response processes in place,” meaning once the threat has been detected, only one in three has some kind of standard procedure for who to tell and what to tell them.

Establishing standard processes for cybersecurity and general harmony in computing resources is something the OMB has been working on for a long time. Too bad the position of cyber coordinator just got eliminated.

3. “Agencies lack visibility into what is occurring on their networks, and especially lack the ability to detect data exfiltration.”

Monitoring your organization’s data and traffic, both internal and external, is a critical part of any cybersecurity plan. Time and again federal agencies have proven susceptible to all kinds of exfiltration schemes, from USB keys to phishing for login details.

73 percent can’t detect attempts to access large volumes of data.
Turns out that only 27 percent of the agencies even “have the ability to detect and investigate attempts to access large volumes of data.”

Simply put, agencies cannot detect when large amounts of information leave their networks, which is particularly alarming in the wake of some of the high-profile incidents across government and industry in recent years.

Hard to secure your data if you can’t see where it’s going. After the “high-profile incidents” to which the OMB report alludes, one would think that detection and lockdown of data repositories would be one of the first efforts these agencies would make.

Perhaps it’s the total lack of insight into how and why these things occur. Only 17 percent of agencies analyzed incident response data after the fact, so maybe they just filed the incidents away, never to be looked at again.

The OMB has a smart way to start addressing this: one agency that has its act together will be designated a “SOC [Secure Operations Center] Center of Excellence.” (Yes, “Center” is there twice.) This SOC will offer secure storage and access as a service to other agencies while the latter improve or establish their own facilities.

4. “Agencies lack standardized and enterprise-wide processes for managing cybersecurity risks”

There’s a bit of overlap with 2 here, but redundancy is the name of the game when it comes to the U.S. government. This one is a bit more focused on the leadership itself.

While most agencies noted… that their leadership was actively engaged in cybersecurity risk management, many did not, or could not, elaborate in detail on leadership engagement above the CIO level.

Federal agencies possess neither robust risk management programs nor consistent methods for notifying leadership of cybersecurity risks across the agency.

84 percent of agencies failed to meet goals for encrypting data at rest.
In other words, cyber is being left to the cyber-guys, with little guidance or clout offered by the higher-ups at the agencies. That’s important because, as the OMB notes, many decisions or requests can only be made by those higher-ups. For example, budgetary concerns.

Despite “repeated calls from industry leaders, GAO [the Government Accountability Office], and privacy advocates” to utilize encryption wherever possible, less than 16 percent of agencies achieved their targets for encrypting data at rest. 16 percent! Encrypting at rest isn’t even that hard!

Turns out this is an example of under-investment by the powers that be. Non-defense agencies budgeted a total between them of under $51 million on encrypting data in FY 2017, which is extremely little even before you consider that half of that came from two agencies. How are even motivated IT departments supposed to migrate to encrypted storage when they have no money to hire the experts or get the equipment necessary to do so?

“Agencies have demonstrated that this is a low priority…it is easy to see government’s priorities must be realigned,” the OMB remarked.

While the conclusion of the report isn’t as gloomy as the body, it’s clear that the OMB’s researchers are deeply disappointed by what they found. This is hardly a new issue, despite the current President’s designation of it as a key issue — the previous Presidents did as well, but movement has been slow and halting, punctuated by disastrous breaches and embarrassing leaks.

The report declines to name and shame the offending agencies, perhaps because their failings and successes were diverse and no one deserved worse treatment than another, but it seems highly likely that in less public channels those agencies are not being spared. Hopefully this damning report will put spurs to the efforts that have been limping along for the last decade.