The Cost of a Data Breach for Government Agencies

Abstract: 

Cyber threats and attacks are becoming much more prominent throughout the world. The 2022 IBM “Cost of a Data Breach” report mentions that the U.S. was the country with the highest financial damage caused by cyberattacks, with total costs of nearly $14 billion. Government institutions are attacked as a result of the public sector’s large gap between knowledge and awareness regarding cybersecurity. Phishing, “remote desktop protocol exploitation and software vulnerability exploitation” are among the most common forms of cyber threats and attacks, according to the FBI. Government assistance and increased awareness are two of the resulting benefits of the United States’ new legislation, which requires companies to report any cyberattacks within 3 days of an attempt and ransomware payments within 1 day. Technological assistance and government aid will be granted to many government agencies, including the departments of “Defense, State, Justice, Treasury, Commerce,” etc. Though providing institutions with different forms of aid is undoubtedly helpful, these companies still face hardships, including lack of funding and insight. This means that agencies, local and federal, tend to operate under limited budgets which may be unable to cover the costs of proper cybersecurity measures. Aside from this, like any other institution, government agencies continue to lack sufficient knowledge and experience in preventing potential cyberattacks. To ensure the security of government agencies and any entities directly or indirectly connected to them, the FBI recommends that these institutions follow certain standards in preparing themselves against cyber threats and attacks.
Among the top preventive steps for government institutions to follow, according to the FBI, are: maintaining updated software and operating systems, increasing phishing awareness through training, requiring strong passwords, using multi-step authentication, keeping data backups offline (e.g., not in a cloud), encrypting data, segmenting networks, and implementing time-based access for important accounts. Though these are only some of the steps that can be used to prevent and protect against cyber threats and attacks, it is extremely important for government institutions to begin applying these standards to their own methods of work, as they will only become more vulnerable to attacks if they choose not to.

Author: 

Jonathan Reed

Year: 

2022
