As cyberattacks become more frequent and costly to remediate, the COVID-19 pandemic has spread state and local governments’ (SLG) cyber defenses thin and just 18 states have a specified cybersecurity budget, according to a report by cybersecurity awareness training platform KnowBe4.

The report states that the average ransomware payment for the first half of 2021 was $570,000, while cybercriminals were asking for an average of $5.3 million. Just five ransomware variants accounted for 75 percent of observed attacks from January to August 2021.

“Ransomware attacks continue to plague state and local governments on an all too regular basis,” KnowBe4 CEO Stu Sjouwerman said in a release. “Without proper security awareness training and education along with necessary funding to combat such social engineering threats, municipalities are left defenseless against cyberattacks that could be prevented.”

“In recent years, many healthcare, law enforcement, higher education institutions, and other critical services have had to literally pay the price, sometimes in the millions, to overcome ransomware attacks,” Sjouwerman said. “As the world continues to change and work through the COVID-19 pandemic, the time to act and prepare for potential cyberattacks is now.”

Ransomware attacks have been costly both monetarily and in downtime for organizations, with the report citing that organizations reported an average of 22 days of disruption in the third quarter of 2021.

In addition to just 36 percent of states having any sort of cybersecurity budget, the report also found that only 16 percent of states’ cybersecurity budgets have increased by more than 10 percent since 2018.

The report also cites a study done by Deloitte and the National Association of State Chief Information Officers (NASCIO), which found that 40 percent of state chief information security officers felt only somewhat confident that their state’s information assets are adequately protected from cyberattacks that target local government and public higher education facilities.

Read More About
Lamar Johnson
Lamar Johnson
Lamar Johnson is MeriTalk SLG's Staff Reporter covering the intersection of government and technology.