TOPEKA, Kan. (AP) — The Kansas Legislature's auditing division says state agencies have significant information technology security weaknesses and haven't made progress since previous reports showed the same problems.

The Topeka Capital Journal reports that more than half of 19 state agencies studied failed to comply with IT security practices that protect sensitive information against data loss or theft. The findings were presented to the Legislative Post Audit Committee in an executive session and published online.

The audit division studied IT functions at agencies from January 2017 to December 2019. Most agencies failed to scan and patch computers to keep them secure. They didn't have adequate response plans and didn't encrypt, back up or destroy electronic data.

"A significant security breach could disrupt an agency's mission-critical work, and their reputation would be sorely damaged," the report said. "A breach also could require costly customer credit report monitoring and could create legal liabilities or financial penalties for the state."

The report blamed a lack of management attention and inadequate resources for the failures.

Department of Administration Secretary DeAngela Burns-Wallace assumed the role of chief IT officer for the state last summer. Department spokesman Samir Arif said she has emphasized that robust cybersecurity is a critical need for the state.