The 2021 CompTIA National Survey of Local Government Cybersecurity & Cloud Initiatives provides a snapshot of cybersecurity priorities, issues, and programs in cities and counties. These findings show that many policy and management issues have an impact on the cybersecurity posture of many local governments. As we wrap up another October of cybersecurity-related content, it should be noted that for many government IT leaders every month feels like Cybersecurity Awareness Month–and has for the last decade at least.
The past 12 months have been extremely challenging. Ransomware attacks against public institutions have doubled, cyber insurance premiums are rising dramatically, while coverage limits are severely cut. We also witnessed something almost impossible when local governments were impacted by supply-chain attacks, most exemplified by Kaseya customers. Cybercriminals can use this to hack into a cyber services company to gain secret access to its most trusted addresses.
The increasing demand for skilled cyber tech workers is further complicating matters. Local governments have a difficult time attracting these people. Surprisingly, money is not the biggest stumbling block anymore, as was reported in the past. Cybersecurity candidates today are seeking more quality of life factors, including the ability to work from anywhere and to work non-standard hours and requiring greater health and wellness benefits. Many senior tech staff are frustrated by what they refer to as “pandemic Burnout” and are simply moving on to new jobs or changing careers.
All of this is the backdrop for CompTIA’s 2021 National Survey of Local Government Cybersecurity. The survey’s purpose was to give a snapshot of cybersecurity priorities, issues, and programs in cities and counties. The survey examined budgeting, policies, procedures, access management and leadership support.
These findings show that many local governments are affected by a variety of policy and management issues.
Many IT organizations find it difficult to engage leaders in cybersecurity.
A majority of IT executives still feel that cyber funding is inadequate despite a recent budget increase for cybersecurity programming thanks to federal stimulus support.
Cyber insurance rates are increasing (and coverage limits are decreasing)
Since last year, the number of mobile device management policies implemented by organizations has increased.
IT executives are extremely satisfied with the security protocols implemented by their network service provider.
The past 20 months have been extremely difficult for local government communities: In addition to the health and social impact of the pandemic in our communities and organizations, both county and city IT had to quickly ramp-up and provide government services via a vastly expanded virtual work environment. This was, for the most part, successfully and securely.
Many of the temporary solutions local governments used are now more formalized and strategic. This positive trend continues with local governments implementing new tech-related initiatives and programs as a result the federal American Rescue Plan Act. Many are also using this funding to improve cybersecurity programs.
As mentioned earlier, public sector IT organizations are struggling with staffing and resource issues–some are calling it the “Great Resignation”–similar to how we referred to the “Great Recession” of a decade ago as staff leave local government IT positions. This is a great opportunity to explore apprenticeship programs and resource sharing, as well as public-private initiatives that CompTIA-PTI strongly supports. Many local government tech leaders are disappointed that some senior managers are trying to return to the way things were before the pandemic. This includes requiring staff to be physically present at the office and removing emergency workarounds that allowed IT employees to work remotely. Some local governments were able fill positions with highly qualified staff who lived outside of the state. However, it appears that there is a pullback and a return to pre-pandemic rules.
Local governments are increasingly vulnerable to cyber threats because of the constant search for tech talent.
Cyber Champions: Engaging Leadership
Local government IT executives continue to struggle to engage elected leaders in cybersecurity. 73% of respondents stated that they had not been able to engage with them.