Cybersecurity gains awareness, but not funding
- By Matt Leonard
- Sep 21, 2016
ORLANDO, FLA. -- Cybersecurity has been front and center for government over the past year with myriad reports of breaches resulting in stolen or locked data. The good news, however, is that government executives are taking steps to build security into all their operations, according to the annual cybersecurity survey from the National Association of State Chief Information Officers and Deloitte.
This year’s report showed “an encouraging trend,” in that cybersecurity was becoming a part of the fabric of government, according to Deloitte Principal Srini Subramanian. Forty-five percent of respondents said cybersecurity was talked about in their leadership meeting on a monthly basis, a 15 percent increase between 2014 and 2016.
Yet while the importance of security is acknowledged throughout agencies, the way people think about cyber still differs. Elected and appointed officials are more confident in the measures in place at agencies than chief information security officers are, Subramanian said. This disconnect “underscores the importance of transparent and candid risk and impact communication with business stakeholders,” he said.
That confidence gap can lead to funding challenges that many security professionals say they face in the government sphere, according to Michael Wyatt, a managing director at Deloitte. When CISOs ask for money they may fail to highlight some of the challenges they face, Wyatt told NASCIO attendees. “We need to balance showing confidence in what we’re doing and the ask, because there is selective hearing involved,” he said.
Washington state CISO Agnes Kirk said legislators there have been told that if they don’t invest in security now, they could be spending more money down the road when they pay to clean up a breach.
Indeed, funding is the main challenge faced by security professionals, Subramanian said. The majority of respondents said they spend between zero and 2 percent of their IT budget on security; 33 percent of respondents said security received flat funding, and 65 percent said funding was inadequate.
Kirk said it was important to note that the federal government has increased its budget for cybersecurity for one simple reason: “If we don’t do cyber well, then we won’t be doing anything.”
Matt Leonard is a former reporter for GCN.