The 2016 Cybersecurity  survey[1] of local government chief information officers revealed that the general inability in local government to offer competitive salaries, combined with a lack of cybersecurity staff, and a recurring lack of funds  have prevented local governments from achieving higher levels of cybersecurity[2].

Almost a third (32%) of the respondents reported an increase in cyberattacks in 2016. None the less,  some 53% reported that the inability to pay competitive salaries prevented them from hiring experienced cybersecurity staff.  Others (52%) believed the primary obstacle was the general lack of funds.

Generally speaking, the public sector tends to pay considerably less than the private sector for cybersecurity skills; as a consequence, public agencies are under pressure to find ways to attract cybersecurity experts.  Most experts  concur that the field has basically a zero rate of unemployment and one million unfilled jobs.  Expectations are that the number of unfilled jobs will only increase significantly in the future.

When asked to identify the  most critical items to ensure that the public sector could develop higher levels of cybersecurity, those surveyed named  greater funding as the number one priority, better cybersecurity policies as  number two, and much greater cybersecurity awareness among local government employees as number three.

Local government are increasingly reliant on technology and the Internet to deliver their services to citizens and businesses.  They must also become more “diligent” about providing security to the data and information that they collect and store.   As time goes on it is becoming critical that local governments also understand the potentially “staggering” costs to restore data and what resources are needed to achieve cybersecurity objectives.

Other aspects of interest from the survey results indicate:

  • Only 1% of those local governments that responded have a stand-alone cybersecurity unit. In many cases the primary responsibility is located in the IT department.
  • Around 62% of the responding agencies reported that a formal policy has been developed to govern the use of personal devices owned by government officials and employees.
  • Almost 70% of responding local government reported that no formal written cybersecurity risk management plan has been developed, but, on the other hand, nearly 41% do conduct an annual risk assessment and an additional 16% evaluate their risk at least every two years.

While the survey was carried out in the US and covered some 3,423 municipalities and counties with populations of 25,000 or greater,  the results are similar to others in Europe[3].

Ancitel SpA.

[1] Survey of local government chief information officers carried out by ICMA (International City/County Management Association in partnership with the University of Maryland Baltimore County).

[2] Survey results carried in news item from PR Newswire

[3] Organizations like the Observtory on Digital Innovation have constantly over the years underscored that the primary issue in digital innovation is not technology but resources for formation and training of employees and public officials.