State Chief Information Security Officers (CISOs) are facing increasing responsibilities, with a majority reporting a rise in their duties. However, many are struggling with budget constraints and resource limitations, hindering their ability to effectively combat cyber threats.

Description

Over one-third of State CISOs do not have a dedicated cybersecurity budget, with some allocating less than 1% of their IT budgets to cybersecurity [1] [2] [3] [4]. This is in stark contrast to federal agencies, which typically allocate more than 10% of their IT budgets to cybersecurity [1] [2] [3] [4]. Budget constraints remain a top barrier for 35% of CISOs, as resources are not keeping pace with the growing sophistication of cyber threats [3] [4]. State technology leaders are concerned about the risks and benefits of generative artificial intelligence (GenAI) [2] [3], with 71% believing the risk of AI-enabled threats is high [2]. Some states have implemented cyber-threat information sharing programs to address the rising importance of cybersecurity in government operations [5]. The number of CISOs responsible for data privacy has increased to 86% [5], likely due to new state laws [5]. While many state CISOs have been able to increase their cybersecurity teams [1], there are varying levels of cybersecurity staff across states [5]. State CISOs are increasing their team sizes and focusing on creative solutions to protect their organizations and the public [4]. Collaboration among state CISOs [4], stakeholders [4], and government partners is crucial in the face of evolving cyber threats [4]. State CISOs are also expanding their teams and focusing on developing state GenAI strategy and security policy to address evolving cyber threats [3].

Conclusion

The lack of dedicated cybersecurity budgets and resources poses a significant challenge for State CISOs in effectively addressing cyber threats. Moving forward, it is crucial for state governments to prioritize cybersecurity funding and resources to ensure the protection of critical infrastructure and sensitive data. Collaboration and information sharing among state CISOs, stakeholders [4], and government partners will be essential in mitigating the risks posed by cyber threats and advancing cybersecurity efforts at the state level.

References

[1] https://www.prnewswire.com/news-releases/2024-deloitte-nascio-survey-finds-states-face-growing-cybersecurity-threats-tight-budgets-302262467.html
[2] https://menafn.com/1108729366/2024-Deloitte-NASCIO-Survey-Finds-States-Face-Growing-Cybersecurity-Threats-Tight-Budgets
[3] https://www.webmagspace.com/states-face-growing-cybersecurity-threats-tight-budgets-survey/
[4] https://cioinfluence.com/security/2024-deloitte-nascio-survey-finds-states-face-growing-cybersecurity-threats-tight-budgets/
[5] https://www.infosecurity-magazine.com/news/us-state-cisos-insufficient-funding/