An audit released Wednesday shows significant cyber security lapses in Oregon government agencies.

The audit conducted by the Secretary of State’s Office reviewed 13 of the state’s 300 agencies and boards.

It found some agencies don’t even have a digital security plan. Those that do are underfunded, understaffed or use outdated software.

“We’re behind. I think there’s no doubt about that,” said Jeanne Atkins, Oregon’s Secretary of State.

Oregonians’ personal information is at risk, she said.

“This is in some respect an alert to the legislature to the next session that they may have created a structure and it is coming on board slowly, but there’s going to need to be serious attention and quick attention,” Atkins said.

In September, Gov. Kate Brown unified cybersecurity under the state’s Chief Information Officer.

In a letter responding to the audit, CIO Alex Pettit says he largely agrees with the findings and is already working to address them.