Day 2 at the NASCIO annual meeting, and one hot topic is the new Cybersecurity survey results that were released this morning called
As I looked at the new survey results, I found several concerning trends that we didn't have time to discuss on the morning panel today. One of those trends was a reduction in vulnerability management implementations and less scanning of critical systems for vulnerabilities and malware. I am also concerned about the lack of trust that CISOs have in the level of expertise on their cybersecurity teams.
Another highlight was the majority of states reporting the same or less money for security programs at a time when the private sector is raising Cybersecurity budgets. A mismatch between "executive buy-in" and funding for security raises a red flag for me about how much real support exists.
I'm keeping this blog short, but I strongly urge you to go out and read the report and recommendations for CIOs and CISOs. Overall, there is a mixed message with some positive trends but also the realization that many states are not doing enough to secure their systems and data.
What are your thoughts on the survey results?