Insufficient Funding, Sophisticated Threats, and Shortage of Skilled Talent Threaten Security and Put State Governments at Risk: Deloitte/NASCIO Survey
PR Newswire Association LLC
The third biennial Deloitte-NASCIO survey of CISOs and their equivalents also reveals an increasing sophistication of cyber threats and inadequate availability of cyber security resources as other top barriers to achieving adequate cyber security measures within state governments.
Three-quarters (75 percent) of the respondents cited lack of sufficient funding as their top barrier, and 46 percent estimated their security budget to be only between 1 and 2 percent of the overall technology budget. Approximately 6 in 10 (61 percent) CISOs cited an increase in sophistication of threats, up from roughly half (52 percent) in 2012. The number citing a shortage of qualified cybersecurity professionals jumped from 46 percent in 2012 to 59 percent in 2014.
"State CISOs and CIOs are dealing with a myriad of complex issues related to cybersecurity – budget, increasing threat sophistication, talent and stakeholder communication," said
Ironically, another challenge cited in the report is a continued discrepancy in the confidence levels of state cyber security among CISOs and state officials. An accompanying survey of state business officials found that 60 percent had high levels of confidence in states' ability to protect and defend against external cyber threats. Only one-quarter (25 percent) of state CISOs expressed a similar level of confidence.
"State business leaders need to pay close attention and have a better understanding about the gravity of the situation. We believe that this gap significantly undermines a CISO's ability to gain funding and support for cybersecurity programs. Communicating the cybersecurity risks and potential impact to the business and elected state leaders will likely help elevate the issue," Subramanian noted. "But despite continuing challenges, CISOs are standardizing security practices, launching broad-based awareness campaigns, and looking for ways to attract the right talent to join them in their fight against cyber threats and protecting states' critical infrastructure."
Overwhelmingly, 9 in 10 (90 percent) CISOs point to the salary and pay grade structures states offer as one of the most substantial barriers to attracting and retaining skilled cybersecurity professionals. State cybersecurity professionals are also leaving for private sector careers (71 percent), and more than two-thirds (67 percent) cite lack of defined cybersecurity career paths and opportunities at the state level.
"The survey provides a sobering assessment of continuing challenges of budget, talent and evolving nature of cyber threats," said
Key findings of the 2014 Deloitte-NASCIO Cybersecurity Study include:
- Maturing role of the CISO: State CISO role continues to gain legitimacy in authority and reporting relationships. The responsibilities of the position are becoming more consistent across states, yet expanding. CISOs today are responsible for establishing a strategy, execution of that strategy, risk management, communicating effectively with senior executives and business leaders, complying with regulators, and leading the charge against escalating cyber threats using various security technologies.
- Budget-strategy disconnect: The improving economy and states' growing commitment to cybersecurity have led to an increase – albeit small – in the budgets. CISOs have also been successful at tapping supplemental resources, whether from other state agencies, federal funding, or various agency and business leaders. Nevertheless, budgets are still not sufficient to fully implement effective cybersecurity programs – it continues to be the top barrier for state CISOs. In addition, survey responses show that there may be additional barriers to implementing successful initiatives: namely the lack of well-thought-out and fully vetted cybersecurity strategy and priorities.
- Cyber complexity challenge: State information systems house a wide range of sensitive citizen data, making them especially attractive targets for cyber-attacks. CISOs are concerned about the intensity, volume and complexity of cyber threats that run the gamut from malicious code to zero-day attacks. They need to stay abreast of existing and developing threats to establish and maintain the security of an information environment that now increasingly extends from internal networks to the cloud and mobile devices. State officials appear more confident than CISOs in the safeguards against external cyber threats, perhaps a result of ineffective communication of risks and impacts.
- Talent crisis: The skill sets needed for effective cybersecurity protection and monitoring are in heavy demand across all sectors. Private sector opportunities and salaries are traditionally better than those offered by government. Not surprisingly, state CISOs are struggling to recruit and retain people with the right skills, and they will need to establish career paths and find creative ways to build their cybersecurity teams. Furthermore, as states turn to outsourcing and specialist staff augmentation as a means to bridge their cybersecurity talent gap, it's imperative for CISOs to manage third-party risks effectively.
For a copy of the full report, "2014 Deloitte-NASCIO Cybersecurity Study," please visit: http://www.deloitte.com/us/StatesAtRisk
For more information about Deloitte's U.S. State Government practice, please visit: http://www.deloitte.com/us/stategovernment
About the Survey
Deloitte, in conjunction with NASCIO, conducted an online survey of CISOs and state officials in May of 2014. Survey respondents included CISOs or equivalents responsible for the security oversight of 49 states. Additionally, Deloitte surveyed 186 U.S. state business officials to gain states' business stakeholder perspectives about how government enterprise views, formulates, implements, and maintains its security programs.
About
About Deloitte's State Government practice
Deloitte has served state governments for more than 48 years, including 47 of the 50 U.S. states, as well as the
About NASCIO
As used in this document, "Deloitte" means
SOURCE Deloitte