The National Association of Chief Information Officers’ (NASCIO) latest survey finds that the majority of state chief information security officers (CISOs) say their responsibilities are increasing, yet more than one-third do not have a dedicated cybersecurity budget.
Additionally, the survey, created in partnership with Deloitte, found that four of the 51 state CISOs surveyed said their state IT budgets allocate less than one percent for cybersecurity.
“The ability of government to deliver on its mission depends on data – and on the security of that data,” said Srini Subramanian, principal at Deloitte & Touche LLP and Deloitte’s Global Consulting Government and Public Services leader. “The attack surface is expanding as state leaders’ reliance on information becomes increasingly central to the operation of government itself, and CISOs have an increasingly challenging mission to make the technology infrastructure resilient against ever-increasing cyber threats.”
In comparison, NASCIO pointed out that most Federal agencies earmark more than 10 percent of their IT budgets for cybersecurity, yet states are lagging behind that mark significantly.
In addition to cybersecurity concerns, the report – which surveyed state CISOs from all 50 states and the District of Columbia – found that the emergence of generative artificial intelligence (GenAI) technology was top of mind for many CISOs. Nearly three-quarters of respondents believe that the risk of AI-enabled threats is “high,” and 41 percent said they are concerned about team’s ability to handle those threats.
Despite having concerns over the threats posed by GenAI, state CISOs are increasingly relying on the emerging technology to shore up their cybersecurity capabilities. A total of 21 said they are already using GenAI to improve security operations, while another 22 plan to adopt GenAI within the next 12 months.
“The good news is many state CISOs have been able to increase employee headcounts, adding specialists to their teams who are focused on cybersecurity-related issues,” said Meredith Ward, deputy executive director at NASCIO and a co-author of the 2024 Deloitte-NASCIO report.
“In 2020, 16 percent of CISOs had fewer than five employees dedicated to cybersecurity initiatives,” she said. “Today, that percentage has dropped to just 4 percent. In addition to growing their teams, our research found these leaders are determined to find creative solutions to protect their organizations and the public.”