The inability to pay competitive salaries, insufficient cyber security staff, and a general lack of funding presents serious barriers to local governments achieving the highest levels of cybersecurity, according to a survey of local government chief information officers (CIO) conducted by the International City/County Management Association (ICMA), in partnership with the University of Maryland Baltimore County.
The goal of the Cybersecurity 2016 Survey was to better understand current local government cybersecurity practices and their related issues, including what capacities cities and counties possess, what kind of barriers they face, and what type of support they have to implement cybersecurity programs.
Despite nearly a third (32%) of respondents reporting an increase in cyber attacks to their local government information during the past 12 months, 58% indicated that the inability to pay competitive salaries prohibited them from achieving high levels of cybersecurity.
53% cited an insufficient number of cybersecurity staff as the primary obstacle, and 52% said it was a general lack of funds.
The public sector pays considerably less than the private sector for cybersecurity expertise, which places further pressure on U.S. local governments to find ways to fund compensation in this explosive industry.
Currently, this booming field has zero unemployment and one million unfilled jobs, and experts estimate that the shortfall will reach 1.5 million by 2019.
When asked to rank the top three things most needed to ensure the highest level of cybersecurity for their local government, respondents cited the following in importance.
- Greater funding
- Better cybersecurity policies, and
- Greater cybersecurity awareness among local government employees
“As local governments become increasingly reliant on technology and the Internet, they must also become increasingly diligent about the security they provide for the data and information they collect and manage,” said ICMA Executive Director Marc Ott.
“Because the costs to restore compromised data are staggering, local governments must understand what resources they need to achieve their cybersecurity objectives and ensure the safety of their data.”
“The results of the ICMA-UMBC Cybersecurity 2016 Survey can help local leaders identify and evaluate critical resource shortages.”
Other highlights of the ICMA/UMBC cybersecurity survey results include:
- Only 1% of responding local governments have a stand-alone cybersecurity department or unit.
- Primary responsibility for cybersecurity is most often located within the IT department.
- Roughly 62% of responding jurisdictions have developed a formal policy governing the use of personally-owned devices by governmental officials and employees.
- Nearly 70% of responding local governments have not developed a formal, written cybersecurity risk management plan,
- However, nearly 41% conduct an annual risk assessment and an additional 16% take stock of their risk at least every two years
The Cybersecurity 2016 Survey was mailed (which includes an online option) to the chief information officers of 3,423 U.S. municipalities and counties with populations of 25,000 or greater.
Responses were received from 411 local governments for a response rate of 12%.
(Learn the value of ICMA membership featuring ICMA members spanning all career stages. Courtesy of ICMA and YouTube)
The International City/County Management Association, (ICMA), advances professional local government worldwide through leadership, management, innovation, and ethics, and only second to the federal government in the collection, analysis, and dissemination of data focused on issues related to local government management.
Through expansive partnerships with local governments, federal agencies, nonprofits, and philanthropic funders, the organization gathers information on topics such as sustainability, health care, aging communities, economic development, homeland security, alternative service delivery, and performance measurement and management data on a variety of local government services, all of which support related training, education, and technical assistance.