Arizona CISO Mike Lettman shared a remarkable story in a discussion during the National Association of State Chief Information Officers’ 2018 Annual Conference.
Until recently, the Arizona state IT department lobbied the legislature annually for cybersecurity funding. If the funding didn’t come through one particular year, a lack of money could have forced Arizona to turn off its cyber defenses, Lettman said.
In 2018, Arizona’s CIO and CISO won dedicated funding for cybersecurity in the state budget — a major victory in fully executing its cybersecurity strategy. Dependable cybersecurity spending reduced overall risk for the state, Lettman said.
The New America think tank recently applauded Arizona’s strategy and how it has established a strong public-private partnership to support it. And that’s key to Lettman’s fight. His efforts would have been wasted if he didn’t have the tools to carry out his strategy.
CIOs and CISOs Face Hurdles in Cybersecurity Conversations
Four in 10 state and local IT leaders lack the tools to identify and report vulnerabilities in their networks, according to a study conducted last year by CyberScoop and StateScoop, and underwritten by Tenable.
Two-thirds of respondents asserted that communicating risks to state and local officials remains challenging because officials don’t comprehend the technology and risks, nor can they grasp the metrics.
Roughly half of states do not have a dedicated cybersecurity budget, according to NASCIO. Undoubtedly, this lack of dedicated funding is due in part to the difficulty of communicating the urgency of cybersecurity challenges to lawmakers. Among states that do have a cybersecurity budget, more than a third have experienced no growth or a reduction in their budgets, according to NASCIO’s 2018 survey of the 50 state CIOs.
And this underscores NASCIO’s further suggestion that states might not spend enough on cybersecurity overall. In the survey, NASCIO found that many states allocate only 1 or 2 percent of their IT budgets to cybersecurity, while federal agencies dedicate more — perhaps 5 to 12 percent of their total IT budgets, depending on the agency.
Let’s hope more states follow Arizona’s lead and budget sustained cybersecurity funding for their enterprises.