State and local government (SLG) leaders are struggling to get a good night’s sleep amid growing cybersecurity fears, according to a new report from MeriTalk.
The new report draws on results from MeriTalk’s survey of 100 SLG IT decision-makers with the goal of understanding how organizations can gain traction in the fight to reduce risk, improve cyber hygiene, and outmaneuver adversaries.
The vast majority of survey respondents – 76 percent – reported that fear of being the victim of the next headline-grabbing data breach keeps them up at night. That’s unsurprising given that less than half of respondents rate their cybersecurity efforts as “very effective” – 42 percent for state leaders and 43 percent for local leaders.
While the majority of decision makers fear becoming the next breach victim, essentially the same number – 75 percent – reported that their organization experienced a cybersecurity breach or potential compromise in the past year. In terms of what cybercriminals are targeting, critical infrastructure remains a top concern. Threats against public health, energy, elections, education, water systems, and emergency systems topped the list of attack targets.
Cyber Recovery Plans Essential, but Currently Lacking
With so many organizations facing cyberattacks and potential compromises, having a robust recovery plan in place is essential. Luckily, 85 percent of respondents said they do have a clear continuity plan of what to do in the event of a breach or compromise. However, confidence in that plan isn’t quite as high. Only a third of respondents gave an “A” grade to their ability to quickly and completely recover from a breach.
In terms of what recovery steps SLG decision makers do have in place, regular data backup (59 percent), network segmentation (51 percent), and rapid data restore and recovery procedures (46 percent) were the most frequently reported. Roughly a third of respondents reported also having a defined list of personnel involved in cyber incident recovery, cyber insurance to mitigate costs, and diversified storage technology as part of their recovery plan.
Sharing Cyber Wins
While the past year has been a challenging one for SLG IT decision makers, many were able to celebrate important cybersecurity wins.
Nearly half of respondents reported that they have improved their data restore and recovery procedures, 44 percent began enforcing multi-factor authentication for data at rest and in transit, and 44 percent said they’ve worked on modernizing legacy systems.
Going back to the 33 percent of respondents who graded their ability to quickly and recover from a breach as an “A,” the majority have focused on prioritizing cloud migration.
Future-Focused Approach to Strengthening Cybersecurity
Looking to the future, the overwhelming majority of respondents (88 percent) believe that collaboration between state and local governments for a “whole-of-state” approach to cyber resilience is essential. To that end, nearly half of respondents (44 percent) said a top priority over the next 18 months will be improving information sharing between state and local organizations. Aside from collaboration, 84 percent of respondents believe SLG organizations will achieve better cyber protection by modernizing their underlying technology infrastructure.
MeriTalk also asked respondents what is the most important technology for improving SLG cyber resilience over the next five years. Application security (93 percent) and multi-cloud infrastructure (86 percent) topped the list. SLG IT decision makers also said they were interested in StateRAMP, improving the application of basic cyber hygiene, and improving the application of zero trust principles.
Read the full report to learn more.