State Cyber Officials Say Governors Are Paying More Attention to Them



Lack of funding to handle potential security threats remains a top concern, according to a biennial survey from NASCIO and Deloitte.

ORLANDO, Fla. — The nation’s governors and other high-ranking state officials are putting increased focus on cybersecurity issues and the people responsible for managing them, according to a new study.

The survey of state chief information security officers and leaders of business operations in state government found that more than 60 percent reported that cyber issues were discussed at least quarterly at state executive leadership meetings, up from 48 percent in 2014.

The survey is conducted every two years by the National Association of State Chief Information Officers and Deloitte. This is the fourth iteration of the study.

Nearly 30 percent of CISOs surveyed said they now report to their state’s governors monthly on cyber issues. Another 40 percent said they only conduct such briefings on an ad hoc basis.

“We definitely have increased exposure to the governor’s office,” said Tad Stahl, CISO of the state of Indiana.

The opportunity to issue reports to the highest levels of state government can be a mixed blessing for those responsible for protecting a state against data breaches, though. “I have to say, it’s not very encouraging that when the governor sees me, he sighs,” said Agnes Kirk, Washington state’s CISO.

Stahl and Kirk spoke Tuesday at NASCIO’s annual meeting here during a discussion of the survey results.

A lack of sufficient funding to handle cybersecurity threats remained the top concern for CISOs, cited by 80 percent of survey respondents. But the study found that having an established information security strategy can lead directly to more resources, both in the form of funding and staff.

“No one wants to give you money when you have problems,” said Mark Raymond, Connecticut’s chief information officer and NASCIO’s new president. “They want to give you money when you actually have a proposal to fix the problems.”

Emerging concerns of CISOs include the rise of ransomware, which did not even make the list in 2014 but was among the top three concerns this year. The emergence of the internet of things, and its millions of connected devices constantly accessing information, also is increasingly on the minds of state cyber officials.

“Who’s collecting what?” said Kirk. “How are they protecting it? The technology has gotten way ahead of many of those things. It scares me to death.”

Tom Shoop is Editor in Chief of Government Executive.
