Cyber Threats Forcing States to Take More Defensive Steps
As cyberattacks grow in frequency and intensity, state governments have responded by adopting cyber security disruption plans, and the vast majority of states have now adopted a cyber security framework based on national standards and guidelines.
According to the recent report “The 2016 State CIO Survey” from the National Association of State Chief Information Officers (NASCIO), 94 percent of states CIOs have now adopted such a cyber security framework. That is up from 80 percent in 2015.
Further, 85 percent of state CIOs have now developed security awareness training for workers and contractors, and 77 percent have created a culture of information security in state government.
In terms of specific steps to safeguard information systems and data:
- 83 percent of CIOs have acquired and implemented continuous vulnerability and monitoring capabilities
- 72 percent have adopted a cyber security strategic plan
- 72 percent have developed a cyber security disruption plan
- 64 percent have documented the effectiveness of their cyber security program with metrics and testing
- 26 have obtained cyber insurance
Cyber security threats have also changed how many CIOs approach data privacy and data protection. Despite that, the role of chief privacy officer is still rare in most state governments – cited by 11 percent.
Another 12 percent have someone who handles privacy as part of their official job at the executive level; 15 percent have privacy officers at the department or agency level but there is no enterprise privacy role; 36 percent have individuals who handle privacy as part of their official job at the department or agency level; and 26 percent have no one dedicated to privacy issues.