IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

NASCIO 2023 State CIO Survey Weighs IT Financial Models

The 2023 survey, released at the group’s annual conference, digs into several key issues for state CIOs: Are general funds better than chargebacks? Is cybersecurity insurance worth it?

CIO Survey NASCIO 2023.jpg
Left to right: NASCIO Executive Director Doug Robinson, Arkansas CTO Jonathan Askins, Wisconsin CIO Trina Zanow, Rhode Island CIO Brian Tardiff at the 2023 NASCIO Annual Conference in Minneapolis.
Government Technology/David Kidd
MINNEAPOLIS — The drive to boost defenses against hackers, digital hostage takers, identity thieves and other criminals has put extra money into the coffers of state CIO offices, according to a new study from NASCIO.

Even so, most of those organizations still rely on chargebacks for funding — and some chief information officers prefer it that way.

At its annual conference in Minneapolis on Tuesday, NASCIO released its new 2023 State CIO Survey. Previous surveys dug into CIO business models. This report focused more on financial models.

The survey, conducted during the summer and now in its 14th year, attracted responses from 49 state CIOs, said Doug Robinson, NASCIO’s executive director.

Ninety percent of the states taking part reported using at least a partial chargeback model — that is, billing agencies for IT services.

That compared to 63 percent reporting a funding model based on state general funds; 20 percent on agency assessments; and 18 percent on other sources that include federal funds and data sales.

That doesn’t mean most states rely exclusively on chargebacks for tech work.

Only eight states, in fact, said that all revenue for their CIO operation comes from the chargeback model. Most use a combination of chargebacks and other sources.

During a Tuesday morning panel devoted to the survey's findings, the chargeback model earned praise from state tech leaders.

For instance, Jonathan Askins, secretary of information technology for Arkansas, said his office is 100 percent based on chargebacks.

“I actually prefer that,” he told a crowded ballroom. “It keeps us as close to a private-sector model as possible, a B2B model. I think that has its own set of checks and balances. If you just do [funding via] the general fund, sometimes the accountability is not there.”

All that said, he would like cybersecurity to receive money from general funds, he told attendees. That comment spoke to the high importance of cybersecurity in the newest NASCIO survey. For the past 10 years, in fact, CIO respondents have ranked cybersecurity as their top priority, data that is widely supported by other industry rankings, including those of the Center for Digital Government.*

The survey found that 80 percent of respondents have developed a “cybersecurity disruption response plan,” up from 66 percent in 2022.

Just more than half of state CIOs are using artificial intelligence, machine learning and similar tools to manage cybersecurity programs, an example of how emerging technologies are helping to defend against ongoing and evolving threats such as ransomware.

The need for better cybersecurity also leads to more funding, at least according to the NASCIO report. The most common reason for supplemental funding for the current fiscal year was cybersecurity, cited by 45 percent of CIO survey respondents.

That beat out technology modernization and other one-time investments.

As for financial protections against digital attacks, 53 percent of states have cybersecurity insurance, which is down from 55 percent since 2020, the last time NASCIO asked the question. In the report, NASCIO said it “expected this number could have decreased even more” while noting that 33 percent of states self-insure against attacks.

Cybersecurity insurance — known for growing costs that can quickly increase as the market continues to evolve alongside the threat landscape — can siphon away money from other areas, including technology development. That’s what Brian Tardiff, Rhode Island’s chief information officer, had to weigh when deciding his office’s path.

“Instead of cybersecurity premiums, we spent money on more defenses,” he told attendees, adding that so far the decision has been a good one.

*The Center for Digital Government is part of e.Republic, Government Technology's parent company.
Thad Rueter writes about the business of government technology. He covered local and state governments for newspapers in the Chicago area and Florida, as well as e-commerce, digital payments and related topics for various publications. He lives in Wisconsin.