NASCIO: State CISOs Have Governors' Ears, Not Funding
Governors are more aware of cybersecurity, but state chief information security officers (CISOs) still lack funding, said a report Tuesday by Deloitte and the National Association of State Chief Information Officers (NASCIO). More than 60 percent of state officials said…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
cybersecurity is discussed at least quarterly at executive leadership meetings, compared with 48 percent in 2014. Nearly one-third of CISOs provided governors with monthly cybersecurity reports this year, up from 17 percent two years ago. There’s little funding: more than half of state cybersecurity budgets represent 0-2 percent of overall technology budgets, the report said. Four in five respondents said inadequate funding is a top barrier to effectively addressing cyberthreats, and 51 percent pointed to the lack of cybersecurity professionals. CISOs said they considered threats targeting employees -- phishing, pharming, social engineering and ransomware -- the most prevalent threat in the year ahead. The report found a “confidence gap” between CISOs and state officials on how prepared their states are to handle security threats: about two in three state officials said they’re very confident about defending against external cyberthreats, but 27 percent of CISOs felt that way. Deloitte and NASCIO received responses this year from CISOs in 49 states and territories, and 96 state business and elected officials. A NASCIO report released Monday said most states outsource at least some IT infrastructure (see 1609190022).