State Cybersecurity Funding Not On Pace with Demand

State Cybersecurity Funding Not On Pace with Demand

By Josh Ellars | December 08, 2014

Cybersecurity spending by State governments has increased 34% in just the past two years, concludes a recently completed 2014 Deloitte-NASCIO Cybersecurity Study by Deloitte and the National Association of State Chief Information Officers (NASCIO). Despite that increase, allocated funding is not keeping pace with demand as State governments are rapidly expanding their IT operations.

Roughly 46% of survey respondents stated that only 1-2% of their IT budgets were devoted to cybersecurity efforts. And while 60% of elected officials were confident that their States were prepared to combat cyberattacks, their CISOs were less confident at 25%. Since political officials are often on the front lines of asking for additional budget to fund such endeavors, the stark difference between 60% and 25% shows the perception problem that belies this underfunding issue. And with the introduction of a growing array of threats to sensitive data, CISOs not only have a wider berth of responsibility but a broader risk pool.

So how much should State budgets allocate to the growing demand for cyber-security preparedness? In a recent Wall Street Journal’s Risk & Compliance Journal article Cybersecurity Shortfalls Seen Among States: Survey about the results, David Behen, CIO for the State of Michigan and Director of its Department of Technology, Management and Budget, quantifies that vital need as he intends to increase funding in the next two years to 10-12% of his State’s IT budget. This is, of course, a major departure from the survey’s 1-2%.

As is the case with Mr. Behen, risk is part of every CISO’s and CIO’s burden. They’re doing what they can to seek alternative sources of funding and to find ways to reallocate existing money to attack the growing security threat – a hazardous position that could also pose future funding problems for a State’s remaining IT initiatives.

The proposed solutions could include a simple recipe of one part political awareness, one part practical risk assessment and one part doomsday preparation. There is no question that State CIOs and CISOs need to find a way to better communicate their State’s cybersecurity threats to their political representatives. Until then, State IT Officers will stretch what budget they have to not only identify today’s risks but build an IT infrastructure to position themselves for a secure future.

Check out our Public Sector page to learn how Metalogix can help your State meet its growing cybersecurity demands.

Leave a Comment