State Cybersecurity Organizations in 'Heightened Risk Environment'

As state and local cybersecurity organizations across the United States emerge from a few difficult years, one aspect of the future is for certain: It will be shaped by the same digital advancements that, since the pandemic's outset, have propelled the nation into an unprecedented era of technological innovation in the public sector.

"While it may take years to know which transformations wrought by the pandemic will endure, we know that digitization has accelerated. The social distancing required by the health crisis made digital and mobile platforms the crux of work and daily life," reads the introduction to the seventh biennial report from Deloitte and the National Association of State Chief Information Officers (NASCIO), the "2022 Deloitte-NASCIO Cybersecurity Study."

While the report was written for state chief information security officers (CISOs), it outlines key challenges faced by public cybersecurity organizations at all levels: attracting and retaining enough talent; embracing all areas of cyber defense, from state agencies to local governments; and setting new budgetary directions, with different and updated expectations.

"State CISOs played critical roles helping the country successfully navigate the twists and turns of the pandemic, and this year's survey identifies the steps needed to grow this increasingly public role and meet the current and future challenges faced by state agencies," said Meredith Ward, director of policy and research at NASCIO and a co-author of the study.

Related:Five Functions That Benefit From Cybersecurity Automation

In both the private and public sectors, "The demand for high-skilled workers has grown even more acute. … Reassessing their life choices during the COVID-19 pandemic, many employees joined the Great Resignation, and millennial and Gen Z workers are more carefully choosing workplaces that reflect their preferences," the report says.

In a survey conducted by the officers organization and noted in the report, 52 percent of respondents cited legacy infrastructure and outdated solutions as the primary barrier preventing them from addressing cybersecurity challenges. Inadequate availability of cybersecurity professionals was listed second (50 percent), followed by not enough staffing (46 percent) and decentralized IT and security infrastructure. Increasing sophistication of threats was also noted (29 percent).

At least part of the reason for talent gap is that "States are not meeting many of the demands of this new generation of tech workers," the report says. "Only 25 percent of states reported using remote work as a talent attraction tool. This is somewhat surprisingly low, as CISOs have worked hard to ensure the security of work-from-home arrangements (more than 80 percent expressed high confidence in their work-from-home arrangements), with more than half expressing confidence in these efforts. Moreover, the labor market is increasingly offering workers the option to work from home."

Read the rest of this article on American City & County.