Write Up:

Statewide, MoDOT maintains thousands of computer devices. Keeping those computers safe from outside threats is a 24-hour responsibility using the latest security measures.

For the first quarter of fiscal year 2026, MoDOT received a total of 13,644 emails containing malicious content (links and/or attachments) delivered to user inboxes. Of those 13,644 delivered emails, 16 recipients clicked on the links or attachments. Among those 16 clicks, nine were blocked at the time of click while the remaining seven were permitted. 

This quarter saw a drop in the number of malicious emails delivered to user inboxes. The current high is 16,206 malicious emails delivered in the fourth quarter of FY 2025. Out of the 91 days in this quarter, there were only 16 days when MoDOT did not receive a malicious email directly to the user's inbox. These emails came from 51 campaigns, with six threat actors involved.

MoDOT continues to emphasize cybersecurity and provide training for all department computer users. The cybersecurity oversight team works to define areas of vulnerability and deploy solutions to address risk. In addition, MoDOT utilizes the Office of Administration’s network firewall services, endpoint cybersecurity detection and remediation services to provide increased cyber protection.

Purpose of the Measure:

This measure reports MoDOT's average click rate on malicious email links and attachments. Using this measure, MoDOT can compare performance to previous quarters and make adjustments in the security training program to reflect the observed trend.

Measurement and Data Collection:

The incident data for this measure is captured from MoDOT's e-mail security platform.
The target for this measure is zero clicks.