The public sector depends on the local and state governments for full spectrum protection against cyber threats. Cybersecurity is the only way to protect ourselves from the rising ransomware attacks to breaches of identity.
As technology advances, there are bound to be more hackers on the rise who daunt security providers with sophisticated tactics. The two parties are in a constant battle to outsmart each other with innovative ideas that either break or make the internet.
As per the latest 2022 Deloitte-NASCIO Cybersecurity Study, there is improvement and maturity in state-level cybersecurity as more officials and statesmen are now taking the threat more seriously.
When we take a look at the current context, every state has a chief information security officer (CISO). In addition, extra cybersecurity control measures are being taken, and there is a rise in the state-level budget.
This article covers the latest cybersecurity trends in the public sector based on the report given by CISOs from 53 US territories and states.
8 Public Sector Cybersecurity Trends
- Awareness in State Lawmakers
It is high time that the state lawmakers and officials took the matter into their hands. With increased cyber threats in both the federal and public sectors, lawmakers are finally taking action to combat the threats.
As more lawmakers enter the cybersecurity scene, more CISO funds are imbursed, and more cybersecurity programs are initiated. The survey points out that relatively more states are in need of a CISO. 44% of the US states are funding a CISO role, while 10% are putting extra effort into the cybersecurity process. The awareness is only beginning. There are still many states that do not have a proper cybersecurity protocol for routine checks on cyber threats and risks.
- Increased Cybersecurity Funds
Cyber theft is a very substantial threat. So, it is a relief to know that most states are taking measures to tackle the issue. As per the study, 30 states have raised their IT budgets for cybersecurity over the past year.
However, the budget percentage of cybersecurity isn’t maintained by most states. A few of them claim to have allotted about 10% of their budget to cybersecurity. The budget for cybersecurity is generally specified by the law, the governor’s orders, or state administrators. Only 2% of States are recorded to have lowered their budget for cybersecurity.
- Improved Cyber Administration
According to the survey, every state in the US has a CISO now. However, some US territories still don’t. Some states that are more prone to cyber-attacks have even gone the extra measure to deepen their security. They have even banded with CROs and CPOs to heighten their cybersecurity.
The collaboration with these security executives allows for a more regular and comprehensive report to the officials of the state on the subject.
- Fall in Complex Challenges
With better facilities and programs come better productivity and situations. And with the rise in budget, the future of cybersecurity is looking bright.
Outdated IT and security infrastructure, as well as poor and disengaging cybersecurity programs, had been a major threat to the public and scope for hackers. But as more funds are disbursed, CISOs have been able to upgrade and improve their system.
- Local Government at Higher Risks
The study above proves that the state governments are doing a good job when it comes to cracking complicated cyber cases. State governments are employing security awareness, threat monitoring, risk assessment, access management, and incident response, among others.
However, the same can’t be said for the local governments, which are still lagging. Only about 8% of local governments are equipped with solid cybersecurity to protect the locals, while 67% of state governments have reached maturity when it comes to security awareness.
- Minimal State and Local Cyber-Collaboration
There are few collaborations between the state and local governments. Only about 35% of CISOs working for the state collaborate with local governments. With the unwillingness of CISOs to work together with the local governments, minimal progress is seen on the local-state government front. We have seen collaboration with certain cybersecurity affairs between these governing bodies. Consider the take down of the dark web black market place “The Silk Road” or the prosecution of the creators of the backpage website. Sites like skipthegames escort finder and others that operate in the gray area between local and state governments often require collaboration between local and state cybersecurity teams.
- Lack of Cybersecurity Staff
There are still few people who are in the cybersecurity business, and not many people have the necessary talent to crack or prevent a cyber threat. Even with the increase in cybersecurity budgets, the lack of talent is a major setback when it comes to staffing. It is hard to find people with the right abilities to fill in the gaps in the department of cybersecurity. Even mid-level cybersecurity posts take over three months for an expert to fill in. Director-level positions generally take more than six months to fill.
- Cybersecurity and Outsourcing
Outsourced resources are valuable when it comes to filling the state CISOs’ competency gaps. Through cybersecurity contractors, a few cybersecurity offices are well-equipped with security providers. They usually employ 16 or more equivalents.
The number of CISOs in contract with an authorized security service provider for staff filling gaps has risen. In 2020, the percentage was only 51%, as compared to 78% in 2022.