As an industry, Cybersecurity is flourishing but local and regional governments are suffering due to a lack of resources and qualified staff. Increasingly it’s more difficult for the public sector to attract staff and pay competitive salaries.

Cyber attacks are increasing as time goes on. As time goes on local governments are increasingly more dependent on technology and the Internet. Local officials are aware they must also become more diligent about the security they provide for data and information that they collect. Given that the costs for recovering compromised data are staggering, they must understand better what resources they need to ensure the safety of their data. The critical issue remains a lack of qualified staff.

While greater funding, in our experience, is needed to ensure higher levels of security, it is just as important to promote an awareness of cybersecurity among government employees and to develop clear cybersecurity policies that involve government employees their planning and execution. Few municipalities have a separate cybersecurity department. Very often the responsibility of following cybersecurity issues is left with the IT department, if it exists. Generally speaking, municipalities in Italy only begin to have personnel dedicated to IT when their population is 10.000 or more (which means only about 15% of municipalities have IT staff). The other 85% lack qualified staff to follow cybersecurity issues. This lack of staff is even more critical in those municipalities under 5,000 inhabitants (approximately 69% of the total number municipalities).

As in other countries like Spain and France these smaller municipalities represent a “weak link” in the network. Despite recent reforms on a national level in the EU local governments are still suffering from limited resources. In the UK the LGA has been training local officials for a number of years in a variety of areas. It will be that type of initiative that will be important to truly change the situation of local governments and help make them protect their data and information more effectively.

Cesviter Team

• Roughly 62 percent of responding jurisdictions have developed a formal policy governing the use of personally-owned devices by governmental officials and employees.

• Nearly 70 percent of responding local governments have not developed a formal, written cybersecurity risk management plan, but nearly 41 percent conduct an annual risk assessment and an additional 16 percent take stock of their risk at least every two years.

The 2016 Survey was mailed (with an online option) to the chief information officers of 3,423 U.S. municipalities and counties with populations of 25,000 or greater. Responses were received from 411 local governments for a response rate of 12 percent.

Review the complete results of the survey at: http://icma.org/cybersecurity2016surveyresults.