A new survey explores cybersecurity practices, issues, and barriers.
18 April 2017
Securing local government information systems and data is an ongoing—and alarming—concern for local government managers and chief information officers (CIOs), and news stories about cybersecurity vulnerabilities appear almost daily.
That’s why ICMA, in partnership with the University of Maryland Baltimore County (UMBC) surveyed CIOs about cybersecurity practices and related issues. And while the survey responses were being analyzed, yet another news story appeared: A column in Governing, The Cyberthreat to Government That's Lurking in the Shadows (April 2017), highlighted the threat posed by the use of unsanctioned software on workplace computers as technological advances make it increasingly easy to download and install software and access cloud services.
The goal of the Cybersecurity 2016 Survey was to better understand the local government cybersecurity landscape, including what capacities cities and counties possess, what kind of barriers they face, and what type of support they have to implement cybersecurity programs.
Perhaps unsurprisingly, a key finding of the ICMA/UMBC survey was that insufficient resources presented the greatest barrier to achieving the highest levels of cybersecurity. Although nearly a third (32 percent) of respondents reported that their local government information systems had experienced more attacks, incidents, and breaches during the past 12 months than in the previous period, 58 percent cited the inability to pay competitive salaries as the greatest barrier; 53 percent cited insufficient number of cybersecurity staff; and 52 percent indicated that it was a general lack of funds.
It’s true that the public sector pays considerably less than the private sector for cybersecurity expertise, which places further pressure on U.S. local governments to find ways to fund compensation in this explosive industry. Currently, this booming field has zero unemployment and one million unfilled jobs, and experts estimate that the shortfall will reach 1.5 million by 2019.
On a more positive note, 77 percent of survey respondents reported that their local government had developed rules governing the creation and changing of passwords, and 62 percent had policies governing the use of personally owned devices.
Furthermore, when responding to questions about the top appointed official, only 3 percent reported that this official was unaware of cybersecurity issues, and only 3 percent reported that the official provided no support for cybersecurity.
When asked to rank the top three things most needed to ensure the highest level of cybersecurity for their local government, respondents cited greater funding as number one, better cybersecurity policies as number two, and greater cybersecurity awareness among local government employees as number three in importance.
Other highlights of the ICMA/UMBC cybersecurity survey results include:
Access the complete survey results.
ICMA has published articles and blog posts that describe ransomware and other cyberattacks, explain vulnerabilities and risks, and provide advice for securing systems and preventing breaches. Here are some key resources:
to rate this
Sign in to comment
University of Maryland At Baltimore County, MD
A national cybersecurity consortium can provide free or low-cost cybersecurity training for communities.
Sarasota, Florida, City Manager Tom Barwin reflects on lessons from a ransomware attack.
Local governments large or small can address cybersecurity challenges with common sense and creativity. Two managers share their experiences and...
While a security breach might be one of the last things on your mind, it can be a top concern...
411 N. Central Ave. Suite 400Phoenix, AZ 85004P: 888.496.0944F: 813.704.4393
Copyright @ 2014, Alliance for Innovation