State CISOs aren't bullish on cybersecurity

Survey finds cut or frozen budgets are hurting efforts to protect systems

As threats to data continue to grow, many cash-strapped states are struggling to provide cybersecurity with stagnant or reduced budgets, a new study concludes.

In a survey by the National Association of State CIOs and Deloitte, 79 percent of state chief information security officers reported that their cybersecurity budgets were either cut or frozen, CivSource reported. And nine of 10 CISO’s cited a lack of funding as the biggest hurdle to securing systems.

Related coverage:

Agencies’ big security weakness: Lack of money and people

A lack of money isn’t the only problem. The survey report, State Governments at Risk: A Call to Secure Citizen Data and Inspire Public Trust,”  focused on five areas:

Governance. The report recommends that CISOs “continue to evolve this position to garner enterprise visibility, authority, executive support, and business involvement.”

Strategy. States need an enforcement mandate similar to Federal Information Security Management Act to push states toward compliance with the National Institute of Standards and Technology’s risk assessment framework for strategic alignment.

Budget. “Security budgets and resources available to state CISOs lag behind those of their private-sector counterparts,” the report states, warning that the gap could get wider in the current economic environment.

Internal, external threats and creating a cyber mindset. Threats to personally identifiable information and protected health information are growing, and states are in the “early stages of establishing programs and deploying technology to protect this sensitive data,” the report states. CISOs need to adopt a “cyber mindset” using education and raising awareness.

Security of third-party providers. States’ management of third-party providers for sensitive or critical services “may not be keeping pace with the escalation of threats.”

Eric Chabrow in GovInfo Security points out that the trend in government stands in contract to what the private sector is doing. As separate Deloitte survey has shown that the financial services industry spent more on IT security during the economic downturn, Chabrow writes.


About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected