Cybersecurity: What Elected and Appointed Officials Need to Know

A new survey notes that while data breach incidents continue to soar, 80 percent of government officials and their staff don't know if their state has a cyber emergency incident plan in place.

by / March 7, 2016

Cybersecurity is stuck to the top of every vigilant CIO’s priority list, and yet so much work remains to be done. Data breach incidents continue to soar, and yet 80 percent of government officials and their staff reported not knowing if their state has a cyber emergency incident plan in place, according to survey results released March 7 by the Governing Institute, sister organization to Government Technology. The survey revealed several similar trends supporting the theory that government is prioritizing cybersecurity, but is not fully equipped to handle the threats posed by today’s environment.

“The purpose of the survey was to examine current baseline cybersecurity knowledge of state elected and appointed officials in order to identify educational needs regarding this topic,” said Todd Sander, vice president of research for the Governing Institute. “We found that, although legislators know the risks are high, many are not as involved as they could be, and significant cybersecurity gaps remain.”

Though cybersecurity remains a constant talking point, only 18 percent of surveyed legislators sit on a committee that designates cybersecurity as part of its official mandate, according to the survey. Also discovered was that a dearth of funding, knowledge and personnel could partially account for this disparity, as 43 percent of survey respondents cited funding as a limiting factor to cyber development, 50 percent cited personnel, and another 43 percent said there is a general lack of cyber comprehension in their state.

“This study shows that legislators are aware of the cybersecurity risks in their state networks and want to know and do more,” said Chris Boyer, assistant vice president, Global Public Policy at AT&T, who supported the survey along with the National Cyber Security Alliance (NCSA). “We’re here to help, including our participation in efforts like this that shine a light on how industry and public-sector entities can work together to address the growing cybersecurity threat.”

Education is a priority for 87 percent of respondents, who said they are interested in furthering cyber education programs in their states. The areas that respondents wanted to learn about most were:

  • the biggest cybersecurity threats facing state government;
  • the best cybersecurity methods for helping to protect state networks;
  • top causes of data breaches;
  • how to respond to a data breach; and
  • how to help protect mobile devices.

Hardly a week passes without news of private government data falling into the wrong hands or being jeopardized by improper handling. Among the most recent major government data breaches were the infiltration of CIA Director John Brennan’s email account and the release of 29,000 FBI and Department of Homeland Security employees' contact information. And last month, hackers stole IRS data containing personal information of 100,000 taxpayers.

Download the infographic to get a visual look at the survey data.