Extreme budget cuts across state governments put vital data and personal information at risk, which means state chief information security officers (CISO) must make cyber-security an immediate priority, according to a new study by Deloitte and the National Association of State Chief Information Officers (NASCIO).
The survey, State Governments at Risk: A Call to Secure Citizen Data and Inspire Public Trust, found that 79 percent of state CISOs report stagnant or slashed budgets, a serious problem that stifles their ability to adequately handle growing internal and external threats.
“Unprecedented budgetary cuts across state governments and growing reliance on contractors and outsourced IT services are creating an environment that is even harder to secure,” said Utah CIO Steve Fletcher, the outgoing president of NASCIO, in a release.
As governments continue to utilize technology to store data, manage workflow and improve efficiency, concerns about protection and privacy remain a challenge for IT officials, from the federal level on down. Last December, President Barack Obama appointed the nation’s first cyber-security chief, Howard Schmidt. And a proposed bill on Capitol Hill would give the president the power to declare a national cyber-emergency in the case of a huge network attack.
States, of course, have their own cyber-battles to fight, but as the report highlights, many CISOs need to enhance their strategies and expand their resources if they want to be successful against threats.
“Many state CISOs lack the visibility and authority to effectively drive security down to the individual agency level,” said Srini Subramanian, director of Deloitte, a leader in state government security and privacy services, in a statement. “At the federal level, the president has recognized the critical nature of the problem and appointed a cyber-security coordinator to address it; it’s imperative that governors and state legislative leaders make cyber-security a priority.”
Based on responses from 49 states, the Deloitte-NASCIO report identifies the lack of funds, programs and resources as weak spots in public-sector cyber-security efforts, especially when compared to private-sector enterprises. Key findings from the survey include:
“State CISOs and CIOs recognize the threats and realize all government leaders need to be better informed on the risks,” said Doug Robinson, executive director of NASCIO. “It’s clear CISOs have tough jobs without adequate resources. A staggering 88 percent of respondents mention lack of sufficient funding as a major barrier to effectively addressing information security.”
Based on the findings, Deloitte and NASCIO offer recommendations that state CISOs might use to help bridge some of these gaps: partnerships within state government, executable strategies, ideas for standardization and tips for better preparing staff, to name a few.