What we did:
New Heights surveyed over 150 decision-makers at state and local governments about their cybersecurity priorities.
What we found:
Cyberattacks, particularly ransomware, have grown considerably over the past 5 years.
As a result, cybersecurity has become an increasingly pressing issue for local governments in the U.S.
Local governments have become an attractive target for cyberattacks for a few reasons:
- They store sensitive and valuable data related to the government and citizens they serve.
- They often lack sophisticated information security practices.
- Many lack adequate funding and systems to ensure defense against these attacks.
Local governments may also be more likely pay out a ransom or yield to the demands of a cyber criminal than other organizations, because staying online and maintaining ordinary operations is of critical importance.
The vast majority of respondents felt that cybersecurity is critically important to their organization today.
Protecting sensitive government information against malware, phishing and other attacks was regard as extremely important, as was responding and reacting should a breach take place. “Defend” activities were viewed as the most critical. These include MD&R (monitoring, detection & response), malware protection, and email security. “Prepare” and “Recover” were also quite important to respondents, though not as critical as “Defend.”
The importance of cybersecurity is growing.
The importance of cybersecurity has been and is expected to increase over time because of the growing number, sophistication and severity of cyber-attacks against local governments. The Cybersecurity and Infrastructure Agency (CISA), a subdivision of the U.S. Department of Homeland Security, was formed in 2018 to govern these critical issues. State legislatures have also been focused on cybersecurity. More than 80 cyber-related bills were enacted or adopted in 2019, according to the National Conference of State Legislatures.
Nearly 70% of respondents in our sample claim their organization is required to have cyber solutions in place today. Approximately 1/3 of those who did not have solutions expect they will in the coming years.
70% of respondents outsource cyber-security to 3rd party vendors.
Large municipalities (> 250k residents) appear more likely to have dedicated internal teams for cyber-security functions. Respondents from small-to-mid sized community governments claim to outsource more to a dedicated 3rd party.
Outsourcing activity is expected to remain stable or increase in the next few years.
This should benefit 3rd party cyber-security solutions vendors.
To learn more about emerging opportunities in cybersecurity and electronic infrastructure, please contact us.