Governments Must Proceed With Assumed-Breach Planning
Governments must move beyond reactive incident response to assumed-breach planning and automated resilience. They must treat compromise as inevitable to prioritize detection, containment and rapid recovery. Agency leadership should consider automation in playbooks and AI-driven responses to cut reaction time from minutes to seconds.
Such an approach treats recovery plans and helps identify post-breach gaps, such as weak incident response plans, through targeted assessments.
State and Local Agencies Can Embrace Recovery-Focused Design
In an era of escalating ransomware attacks, governments must assume a breach and lead with resilience. A recovery-by-design approach ensures people can reach 911 emergency dispatch; police and fire computer-aided dispatch systems remain operational; courts and jails uphold due process; water and wastewater treatment systems continue to operate safely; and families can access the health and human services that keep them fed and housed.
Governments that cannot restore these services face more than the public’s frustration; they risk serious consequences for public safety, legal integrity and the well-being of the communities they serve.
READ MORE: Cloud accelerates time-to-value for citizen services.
Government Officials Can Adopt Whole-of-State/City Models
Adopt whole-of-state and whole-of-city approaches to pool talent, capabilities and 24/7 monitoring, as exemplified by Tennessee’s multiagency partnerships and New York’s Cyber Command (NYC3). Leaders should also anonymize penetration test data to address common gaps, such as Microsoft Active Directory misconfigurations across organizations.
Bolster defenses for cash-strapped municipalities, special districts and schools, where ransomware attacks rose 23% in the first half of 2025, according to Comparitech. Biannual roadmaps should align priorities across agencies with varying budgets. For example, governments would be able to foster upskilling via cyber academies tied to the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0.
LEARN MORE: State and local agencies should weigh CMMC compliance.
Cyber Resilience Ranks Among the Top Leadership Priorities
Cyber resilience should become a strategic leadership priority for governors, mayors, councils, school boards and agency executives. To support building resilience, costs should be reflected in budgets, policies and oversight aligned with the NIST 2.0 framework.
Further, by advancing shared threat intelligence through indicators of compromise and cross-sector associations, and by leveraging State and Local Cybersecurity Grant Program funding (which has been extended through 2033), government leaders can build durable, long‑term cyber resilience protocols that protect communities and essential services.
Ransomware is no longer an occasional IT problem; it is a persistent public safety and continuity risk. Organizations that act now, embedding resilience into budgets, governance and cross-sector collaboration, will be able to quickly restore 911 operations, reopen classrooms and keep essential services operating. The work is crucial, as we will inevitably see an increase in destructive cyberattacks against the United States.
