Some 62 per cent of responding jurisdictions have developed a formal policy governing the use of personally owned devices by governmental officials and employees
Three fifths (58 per cent) of local governments in the US cited the inability to pay competitive salaries as the greatest barrier to achieving high levels of cyber-security, a new study finds. This is despite one third of respondents reporting an increase in cyber-attacks to their local government information during the past 12 months.
Fifty-three per cent cited an insufficient number of cyber-security staff as the primary obstacle, and 52 per cent said it was a general lack of funds.
The survey of local government chief information officers was conducted by the International City/County Management Association (ICMA), in partnership with the University of Maryland Baltimore County (UMBC).
When asked to rank the top three things most needed to ensure the highest level of cyber-security for their local government, respondents cited greater funding as number one, better cybersecurity policies as second, and greater cybersecurity awareness among local government employees as third in importance.
“As local governments become increasingly reliant on technology and the Internet, they must also become increasingly diligent about the security they provide for the data and information they collect and manage,” said Marc Ott, executive director, ICMA.
“Because the costs to restore compromised data are staggering, local governments must understand what resources they need to achieve their cyber-security objectives and ensure the safety of their data.”
The public sector pays considerably less than the private sector for cyber-security expertise, which places further pressure on US local governments to find ways to fund compensation in this explosive industry. Currently, this booming field has zero unemployment and one million unfilled jobs, and experts estimate that the shortfall will reach 1.5 million by 2019.
Other findings of the ICMA-UMBC cybersecurity survey results were:
Only one percent of responding local governments have a stand-alone cyber-security department or unit. Primary responsibility for cyber-security is most often located within the IT department.
Some 62 per cent of responding jurisdictions have developed a formal policy governing the use of personally owned devices by governmental officials and employees.
Nearly seven in 10 of responding local governments have not developed a formal, written cyber-security risk management plan, but two fifths conduct an annual risk assessment and an additional 16 per cent take stock of their risk at least every two years.
The survey was mailed (with an online option) to the chief information officers of 3,423 US municipalities and counties with populations of 25,000 or greater. Responses were received from 411 local governments for a response rate of 12 per cent.
If you like this, you might be interested in reading the following:
Atos and Siemens team up to boost industrial cyber defences
The aim is to provide customers in the manufacturing and processing industries with comprehensive security services and products
Action needed to reduce the risk of botnets
It urges IoT device manufacturers to ‘take responsibility’ by implementing security-by-design
Opportunities and threats
The boss of one of the UK’s leading data security firms welcomes faster connectivity but warns that it can also mean the ‘surface area’ for attacks is greater