While the pandemic has highlighted the resilience of public sector cyber officials, it has also called attention to chronic challenges facing state information technology organizations including securing adequate budgets and talent, and coordinating security steps across agencies, a new report says.
The report, “States at Risk: The Cybersecurity Imperative in Uncertain Times,” released by consultant Deloitte and the National Association of State Chief Information Officers (NASCIO), shows how COVID-19 has challenged continuity and amplified gaps in budget, talent and threats, and the public sector’s need for partnerships.
“The pandemic forced state governments to act quickly, not just in terms of public health and safety, but also with regard to cybersecurity,” said Srini Subramanian, principal, Deloitte & Touche, and state and local government advisory leader. “However, continuing challenges with resources beset state CISOs/CIOs. This is evident when comparing the much higher levels of budget that federal agencies and other industries like financial services receive to fight cyber threats.”
The abrupt shift to remote work spurred by the pandemic exacerbated the challenges facing public entity CISOs, according to the study. Before the pandemic, 52% of respondents said less than 5% of staff worked remotely. During the pandemic, 35 states have had more than half of employees working remotely; nine states have had more than 90% remote workers.
“The last six months have created new opportunities for cyber threats and amplified existing cybersecurity challenges for state governments,” said Meredith Ward, director of policy and research at NASCIO. “The budget and talent challenges experienced in recent years have only grown, and CISOs are now also faced with an acceleration of strategic initiatives to address threats associated with the pandemic.”
The national study is based on responses from 51 U.S. state and territory chief information security officers (CISOs).
The study’s authors say collaboration with local governments and public higher education is critical to managing cyber risk within state borders. Also, CISOs need a centralized structure to position cyber in a way that improves agility, effectiveness and efficiencies.
Other takeaways from the 2020 study include:
- Fewer than 40% of states reported having a dedicated budget line item for cybersecurity.
- Half of states still allocate less than 3% of their total information technology budget on cybersecurity.
- CISOs identified financial fraud as three times greater of a threat as they did in 2018.
- Overall, respondents said they believe the probability of a security breach is higher in the next 12 months, compared to responses to the same question in the 2018 study.
- Only 27% of states provide cybersecurity training to local governments and public education entities.
- Only 28% of states reported that they had collaborated extensively with local governments as part of their state’s security program during the past year, with 65% reporting limited collaboration.
Was this article valuable?
Here are more articles you may enjoy.