US states paying more attention to security

Cybersecurity is becoming part of the fabric of state-level government operations in the US, but challenges including a lack of funding remain, a new report shows.

The report, jointly prepared by Deloitte and the US National Association of State CIOs, shows that most US states only spend between 0 and 2% of their overall IT budgets on security.

But despite tight budgets and difficulty finding qualified talent, the report also shows that governor-level awareness of cybersecurity issues has improved substantially. This year also marks the first time that all state government respondents to the survey reported having a CISO.

Many state governments are also conducting initiatives including training and operating security operations centres, making security a key component of their operations.

“The survey results spell out a clear message for CISOs: state leaders are paying attention. Take advantage of this focus to make substantial progress,” Deloitte & Touche Principal Srini Subramanian said.

“Those CISOs who are able to harness this attention and build stronger relationships with business executives and state legislators have an opportunity to garner more resources and support for their initiatives.”

There is still progress to be made on this front. The report shows that a confidence gap exists between the IT department and state officials, suggesting that state CIOs and CISOs need to better communicate cybersecurity risks.

Image courtesy of NASA Goddard Space Flight Center  under CC