Nearly three out of four of states’ CIOs (74%) say they have adopted cybersecurity strategic plans, up from 61% in 2014, according to a recent survey by the National Association of State Chief Information Officers (NASCIO).
In addition, 52% of the 47 NASCIO members surveyed say they’ve developed a cybersecurity disruption response plan, and then tested that plan. And 20 percent say their states have purchased cyber insurance, in response to a question that wasn’t included in years past, according to “NASCIO’s 2015 State CIO Survey: The Value Equation,” done in collaboration with accounting firm Grant Thornton LLP and the Computing Technology Industry Association.
As well as responding to questions about cybersecurity, CIOs were also asked to give their perspectives on a number of issues, including the emerging role of the CIO as a broker of shared services; the use of incremental software development approaches to accelerate the delivery of value to customers; and characteristics respondents felt were most valuable for and critical to the success of a state CIO.
As part of the survey, the state CIOs were asked about the most significant barriers they faced in dealing with cybersecurity. By far, the barrier cited by most CIOs (77%) is the increasing sophistication of threats, while 64% point to a lack of adequate funding and 62% mention the inadequate availability of security professionals.
At the other end of the spectrum, just 2% (one CIO) cite “lack of executive support” as a major barrier to “cyber preparedness.” That’s good news because it means the states’ top officials are willing to work with their CIOs to address the ever-growing cyberthreats.
However, 43% of CIOs say that emerging technologies hinders their ability to successfully address cybersecurity; 23% of the states CIOS point to the lack of visibility/influence with the enterprise as one of the major obstacles to addressing cybersecurity; and 13% are concerned about the effect the lack of governance and security will have on their cybersecurity plans, according to the report.
The CIOs also commented that cybersecurity remains a hot and viable issue but investment in security technologies lagged behind the political and media attention that’s paid to it, according to NASCIO.
Although the survey has been conducted for the past six years, NASCIO first added the questions about state cybersecurity in 2013. In this year’s survey, 87% of the 47 responding CIOs said their states have developed security awareness training for workers and contractors, compared to 80% in 2014 and 78% in 2013.
This year 80% of state CIOs say they’ve adapted cybersecurity frameworks based on national standards and guidelines, just about the same as in 2013 (78%) and 2014 (80%).
Additionally, this year 80% of state CIOs note that they’ve acquired and implemented continuous vulnerability monitoring capabilities, two percentage points higher than in 2014 and 2013. And 80% of respondents say they’ve established trusted partnerships for information sharing and response, up from 69% in 2014 and 80% in 2013.
As the sophistication of cyber threats grows, state CIOs, like their counterparts in the private sector, are increasingly concerned about preventing as well as combating cyber attacks.
As such, about three-quarters of the 47 respondents say they have created a culture of information security in their state governments that encompasses a governance structure of state leadership and all the key stakeholders.
They understand that most effective cybersecurity programs produce accurate assessments of the risks associated with each system the government maintains, as well as for the network as a whole.
Back to blog
The post Survey: More State CIOs Making Cybersecurity Plans appeared first on SecureLink.