What Is the State of Local Government Cybersecurity?
The survey was conducted in August and September 2021, with more than 75 local government IT executives participating.
According to the report, 81 percent of IT executives said their local government has a governmentwide cybersecurity policy that sets rules for employee behavior and operational safeguards and procedures, and 73 percent of respondents stated that their policy has been reviewed over the past 12 months. “PTI reminds leaders that policies and procedures are only as effective as their review and, where appropriate, testing,” the report notes.
In terms of network security and auditing, 33 percent of respondents said their municipality had “conducted a network or security audit of all IT systems and policies” within the past 12 months, according to the report.
While 54 percent reported that they had tested or audited some systems and policies, an “alarming” 13 percent had not conducted any system test or audit in the past year, according to the report.
More local government agencies are employing mobile device management policies, with 65 percent of respondents saying they had a policy in place for employee or contractor access to government information systems. That figure was up 10 percent from PTI’s 2020 survey
Fully 90 percent of respondents said their organization has cyber liability insurance, up from 78 percent in 2020. However, cyber insurance policies are increasing in complexity, according to the report.
“This could be why only 23% of IT executives share that they are completely familiar with their insurance policy requirements and procedures to immediately follow in the event of a breach or incident; 65% share that they are somewhat familiar with their policy requirements and 12% share that they are not at all familiar with their policy requirements,” the report states.
How Are Localities Working with States on Cybersecurity?
When asked to rate the relationship between local and state governments on cybersecurity — specifically related to information sharing, resource sharing, education and training provided by the state to local governments — 31 percent rated the relationship as excellent.
Another 44 percent of respondents rated the relationship as just fair, and 25 percent describe the relationship as poor.
“Clearly, more work needs to be done to foster collaboration,” the report notes. “Organizations like CompTIA-PTI and the National Association of State Chief Information Officers (NASCIO) continue the push to educate state and local officials as to the need to build effective and trusted partnerships. Despite these worthwhile goals and initiatives, many tech leaders have often lamented that they have almost zero relationship with state IT agencies — let alone the state CIO.”
“Collaboration is a two-way street,” Shark says in the report. “Don’t wait for your state colleagues to approach you. Reach out to your state CIO and begin the dialogue around resources, key contacts, and information-sharing that will strengthen your cyber efforts.”