Le Lézard
Classified in: Science and technology, Business
Subjects: SVY, STP

2018 Deloitte-NASCIO Cybersecurity Study: Top Challenges Persist Since 2010, Calls for Bold Changes


SAN DIEGO, Oct. 23, 2018 /PRNewswire/ -- Even as state government Chief Information Security Officers (CISOs) have increased their access to and communications with top leaders, the top three issues impacting states' cybersecurity remain the same from past surveys ? budget, talent and increasing cyber threats. These findings from the "2018 Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study" are a call for bold action to disrupt the status quo, according to the report authors.

As used in this document, "Deloitte" means Deloitte LLP. Please see  www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. (PRNewsFoto/Deloitte)

"We've been surveying state CISOs every other year since 2010 and these top three issues have not changed," said Bo Reese, NASCIO president and chief information officer (CIO), state of Oklahoma. "The reality is that the magnitude of threats is rarely matched in attention and funding in state government. Simply put, the time is now to be bold in state cybersecurity."

"While CISOs and CIOs have done a tremendous job over the years developing much needed governance plans and building relationships with state leaders, the funding and talent needed to fully address cyber risk is not there," said Srini Subramanian, principal, Deloitte & Touche LLP, and state and local government risk advisory leader. "The three bold plays outlined in this year's report provide state CISOs and CIOs additional ideas on ways to get more funding and overcome cybersecurity talent challenge."

The three bold steps state CISOs can take to overcome persistent challenges:

1)  Advocate for dedicated cybersecurity program funding.

Nearly half of all US states do not have a dedicated cybersecurity budget and data from this year's survey shows slower cybersecurity budget growth compared to 2016. In fact, most states still spend less than 3 percent of their information technology budget on cybersecurity.

Additionally, CISOs can also push for funding from federal agencies to implement the federal security requirements and controls. For example, state health and human services (HHS) agencies were able to secure funding from Centers for Medicare and Medicaid Services (CMS) to establish CMS's suggested Minimum Acceptable Risk Safeguards.

2)  Be an enabler of innovation, not a barrier.

In this year's survey, emerging technology initiatives in areas such as artificial intelligence, smart enterprises (smart cities), and blockchain technology rank at the bottom of the CISO initiative list, indicating that they may not yet be a priority for CISOs. To take on emerging technologies, CISOs should actively participate with state CIOs in shaping the innovation agenda, collaborate with state digital and innovation officers and lead the charge to help program leaders embrace and securely adopt new technologies.

3)  Team with the private sector and higher education.

This year's survey results show that states' cybersecurity teams remain small with an increase in the talent gap. More than half of CISOs have 15 or less full-time-equivalent employees.

To address the talent gap, CISOs can: increase their use of teaming with private sector with services level for select cybersecurity functions; form partnerships with local colleges and universities; and establish a network among state and local agencies, academia; and companies to share threat information, capabilities and contracts.

In addition to the top-three concerns outlined by CISOs, there are a number of emerging trends getting CISOs' attention, including: election security, cloud and outsourced data center security.

Other noteworthy trends in this year's report include:

About the survey
This survey is based on responses from US state enterprise-level CISOs with additional input from agency CISOs and security staff members within state governments.

CISO participants answered 56 questions designed to characterize the enterprise-level strategy, governance and operation of security programs. Representatives from all 50 states responded to this year's survey. The report was produced by Deloitte's Center for Government Insights and NASCIO.

About Deloitte
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including more than 85 percent of the Fortune 500 and more than 6,000 private and middle market companies. Our people work across more than 20 industry sectors to make an impact that matters ? delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthy society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. 

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

SOURCE Deloitte


These press releases may also interest you

at 09:00
Guidewire announced that Guidewire PartnerConnect Consulting and Global Premier partner, Ernst & Young LLP (EY), has achieved the global Migration Acceleration Specialization. Partners who have earned this specialization have demonstrated the...

at 08:55
Shield AI, Inc., a defense technology company building the world's best AI pilot, and Kratos Defense & Security Solutions, Inc. , a Technology Company in the Defense, National Security and Global Markets and an industry-leading provider of...

at 08:45
HYAS Infosec, the adversary infrastructure platform provider that offers unparalleled visibility, protection, and security against all kinds of malware and attacks, today announced that it has been awarded three top recognitions from Security Today's...

at 08:44
Understanding the underlying mechanisms of normal and pathological cellular processes is essential for developing new drugs. Fortunately, modern techniques and experimental methods have greatly accelerated progress. The latest issue of JPA features...

at 08:44
Environmental problems caused by population explosion such as global warming, natural resource depletion, deforestation, water shortage and plastic pollution are getting severe in the world. Regarding plastic pollution, micro-plastics, nano-plastics...

at 08:43
WIN (Women In Negotiation) is pleased to announce Walmart Connect as its presenting sponsor - for its eighth annual WIN Summit to be held Thursday, May 30, 2024 in New York City....



News published on and distributed by: