State of Cyber Defense

U.S. Virgin Islands

A high-level overview of the escalating cyber threats facing the USVI and the territory's evolving response capabilities, based on recent incidents and official reports.

2%

Employee Training Gap

Portion of government staff trained to spot phishing as of 2021, a critical vulnerability.

$2.17M

Lost to Phishing

Amount lost by the Water & Power Authority in a single fraudulent wire transfer scam.

12+/Week

Security Alerts

Average number of weekly security events requiring attention by the Bureau of IT.

An Escalating Wave of Attacks

From phishing scams to crippling ransomware, the frequency and severity of cyber incidents in the USVI have steadily increased, impacting critical sectors across the territory.

2018: WAPA Phishing Scam

The Water & Power Authority lost $2.17 million to fraudulent wire transfers.

2019: Police Dept. Ransomware

Access to historical case records was crippled by two separate attacks.

Oct 2023: Healthcare Clinic Breach

Frederiksted Health Care forced offline, suspected ransomware holding patient data.

July 2024: Hospital Ransomware

Schneider Regional Medical Center's electronic health records were knocked out.

Mar 2025: Lottery Ransomware

A six-week operational shutdown resulted from an attack with a $1M ransom demand, which was refused.

The Anatomy of a Threat

Primary Attack Vectors
Ransomware is the most dominant threat, but other methods pose significant risks.
Most Targeted Sectors
Attacks focus on critical infrastructure and public services to maximize disruption.

Dynamic Threat Briefing

Click the button below to generate a real-time, AI-powered analysis of the current threat landscape based on the data presented in this infographic.

Your AI-generated threat analysis will appear here.

The Human Factor: A Critical Vulnerability

Technology alone cannot secure a network. With only a fraction of employees trained to identify threats, the risk of human error leading to a major breach remains exceptionally high.

Only 2 in 100 Government Employees are Trained in Phishing Detection

Each icon represents a government employee. The colored icons represent those trained to spot phishing scams.

The Response Playbook: A Collaborative Defense

When a major incident occurs, the USVI activates a multi-agency response structure, combining local expertise with powerful federal resources to contain threats and manage recovery.

CYBER INCIDENT

Affected Agency Incident Command

Isolates Systems & Manages Operations

Bureau of IT (BIT) & Cyber Council

Provides technical support, policy guidance, and coordinates the government-wide response.

VITEMA & Fusion Center

Manages emergency grants, planning, and shares threat intelligence with partners.

FBI, CISA & Federal Partners

Engaged for forensics, incident response, and investigation of serious breaches.

Path Forward: Recommendations

1. Expand Cyber Training

Make awareness training mandatory for all government employees to create a human firewall against phishing and social engineering.

2. Centralize IT Security

Empower the Bureau of IT to enforce uniform security standards and monitor all agency networks from a central SOC.

3. Enhance Response Planning

Conduct annual incident response drills and tabletop exercises for all critical agencies to identify and close gaps.

4. Mandate MFA Everywhere

Require multi-factor authentication for all users accessing government systems to drastically reduce breach risk.

5. Improve Backups

Mandate regular, tested, and offline backups for all agencies to ensure rapid recovery from ransomware without paying ransoms.

And... Accelerate Funding

Urgently deploy available grant funds for critical upgrades, security tools, and proactive penetration testing.

Personalized Security Recommendations

Select your role to receive AI-generated cybersecurity tips tailored to your specific needs and context within the USVI.

Your personalized recommendations will appear here.