Beyond the barriers: Maximizing ROI in cybersecurity in local government organizations

The 2023 Local Government Cybersecurity National Survey found that more than 60 percent of IT officials at state and local organizations believe their budgets are inadequate to support their cyber programs. And only about half of their employees continually participate in cybersecurity training throughout the year, revealing a lack of engagement in IT security programs across their organizations—including from elected officials.

Among these concerns, IT officials stated that an increase in sophisticated threats and lack of cybersecurity staffing are the top barriers their organizations face when addressing cybersecurity challenges. Despite perpetual constraints in cyber resources for state and local governments, organizations can proactively address these barriers. By prioritizing strategic investments and maximizing existing resources, they can enhance their cyber defenses against threats and maximize their return on investment (ROI) in cyber.

Cultural shift: Assume breach mindset
While state and local governments are not mandated to meet a Zero Trust deadline, as required for federal government agencies, there are still proactive steps that they can take to improve cyber defenses and put themselves in a better position to defend against potential cyber threats.

To start, it’s crucial for everyone to adopt an “assume breach” mindset—meaning accepting that breaches are inevitable and that our world is more hyperconnected than ever before. When we typically think of defending against cyber threats, we think of preventing them. However, as our hybrid, hyperconnected world has evolved, prevention can no longer be the only goal, as it is not always attainable in this new threat landscape. As the threat landscape has grown more severe and unrelenting, the goal must take it up a level and ensure critical information remains safeguarded and operations continue in the face of inevitable attacks and breaches.

The crucial need for organizational participation
Similar to federal agencies’ adoption of Zero Trust, the cultural shift of assume breach goes beyond technology implementation, requiring active involvement from SecOps teams to CIOs to the entire C-Suite to prepare for breaches and ensuring operations aren’t impeded. Leadership buy-in and participation is essential for fostering a culture where the priorities include preparing for breaches to ensure operations aren’t impeded, and the organization can respond effectively to cyber threats.

In 2023, state and local governments experienced a significant increase in various types of cyberattacks, including a 148 percent increase in malware attacks, a 51 percent increase in ransomware incidents, and a 313 percent rise in endpoint security services incidents, such as data breaches, unauthorized access and insider threats. Recognizing the severity of these statistics is acknowledging that the responsibility and understanding of cyber threats can no longer fall solely on IT teams. While the IT team is responsible for the actual implementation process of technologies, building cyber resilience and being aware of cyber threats is the responsibility of the entire organization.

To read the complete article, visit American City & County.