NASCIO: State CISOs Have Governors' Ears, Not Funding
Governors are more aware of cybersecurity, but state chief information security officers (CISOs) still lack funding, said a report Tuesday by Deloitte and the National Association of State Chief Information Officers (NASCIO). More than 60 percent of state officials said…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
cybersecurity is discussed at least quarterly at executive leadership meetings, compared with 48 percent in 2014. Nearly one-third of CISOs provided governors with monthly cybersecurity reports this year, up from 17 percent two years ago. There’s little funding: more than half of state cybersecurity budgets represent 0-2 percent of overall technology budgets, the report said. Four in five respondents said inadequate funding is a top barrier to effectively addressing cyberthreats, and 51 percent pointed to the lack of cybersecurity professionals. CISOs said they considered threats targeting employees -- phishing, pharming, social engineering and ransomware -- the most prevalent threat in the year ahead. The report found a “confidence gap” between CISOs and state officials on how prepared their states are to handle security threats: about two in three state officials said they’re very confident about defending against external cyberthreats, but 27 percent of CISOs felt that way. Deloitte and NASCIO received responses this year from CISOs in 49 states and territories, and 96 state business and elected officials. A NASCIO report released Monday said most states outsource at least some IT infrastructure (see 1609190022).