SBA’s Cybersecurity Is Basically Schrödinger’s Firewall—Defined But Not Implemented
An Inspector General audit reveals that the Small Business Administration’s cybersecurity policies have the uncanny ability to appear robust on paper while being virtually non-existent in practice, except for incident response.