State CISOs gain stature, but still struggle with funding and workforce
- By Matt Leonard
- Oct 23, 2018
What: “2018 Deloitte-NASCIO Cybersecurity Study States at risk: Bold plays for change,” a survey of chief information security officers, or the equivalent, from all 50 states.
Why: Deloitte and the National Association of Chief Information Officers have conducted this survey five times since 2010 to shed light on how state governments are handling cybersecurity and how the relatively new role of CISO has transformed as cybersecurity becomes more important for states.
Findings: All 50 states have CISOs and 90 percent have a documented cybersecurity strategy and governance plan. CISOs have gained stature within state government, often meeting regularly with the governor. Still, CISOs said they faced challenges to implementing strong security practices, particularly when it comes to funding and workforce.
Although almost half the states lack a budget line item for cybersecurity, CISOs and CIOs should fight for dedicated funding, the report suggested, because it gives legislators and executive leaders better insight into the cyber spending within a state. Respondents also said cyber initiatives were more effective when they had commitment for funding.
To address tech workforce shortages, states are increasingly turning to outsourcing. But they are also promoting internships and the non-salary benefits of state government work to attract workers.
Over the series of surveys CISOs have grown more confident about their ability to protect against both internally and externally originating attacks. Respondents were the least confident when it came to threats originating from business partners and vendors, however, with a third saying they are not very confident, and more than half that they are somewhat confident.
Most states, according to 60 percent of respondents, have no enterprise-level chief privacy officer, down from 76 percent that didn’t have a CPO role in 2016.
Read the full report here.
Matt Leonard is a former reporter for GCN.