Cyber-attacks on government institutions and critical infrastructures have increased considerably in recent years, with the United States seemingly painted as the bullseye for ransomware operators in 2019. Infosec experts argue that state institutions spend too little on cybersecurity, and a recent study shows they may be right
A new report from Accenture and the US National Association of State Chief Information Officers (NASCIO) asks state chief information officers (CIOs) about keeping up with the times. A chief information officer (CIO) is typically the person in charge of information technology (IT) strategy and the technology required to support the organization's objectives and goals, including cyber-defense.
Innovation hampered by lack of funding, skills
The survey shows most state CIOs see innovation as a major part of their job, but also a major hurdle because they lack the budget, staff and time to act on it.
83% said innovation is an important or very important part of their day-to-day leadership responsibilities – while only 14% reported extensive innovation initiatives within their organizations. In previous years, NASCIO has repeatedly highlighted innovation as a top ten concern facing state CIOs.
The survey focused on identifying current practices and CIOs’ views regarding obstacles to innovation. A lack of funding is seen as the top barrier, cited by 63% of respondents, followed by a workforce skills gap and time. In fact, workforce skills are a pervasive challenge (as highlighted by many other studies in recent years).
85% cited struggles finding the right skills for innovation, and 46% identified a lack of skills as the top barrier for innovation.
Executive support for innovation is perceived as low, with only 26% saying their state administrative leadership has made innovation a stated priority, and 6% saying their state legislature has done so.
The real cost of cybersecurity
Innovation is an area in need of improvement among most organizations, not just state institutions – especially in the IT department. A Bitdefender survey of more than 6,000 infosec professionals in large organizations across the US, EMEA and APAC shows that, while many rate their cybersecurity as ‘good’, a continued lack of budget, talent and training leaves much room for improvement.
The main obstacles to strengthening the organization’s cybersecurity posture include lack of budget, cited by 39%, and the lack of skilled personnel, at 35%. Encouragingly, 70% of organizations provide ongoing cybersecurity training and support to their staff.
“Organizations placing more emphasis on training are better at detecting attacks quickly, and more efficient at isolating them,” said Bogdan Botezatu, Director or Threat Research at Bitdefender. “Ultimately, cybersecurity has improved over the last 36 months, but IT workers are still facing a great deal of stress and risk. This means that getting the right strategies and solutions in place is imperative. In fact, it will ensure the trend of stress and risk doesn’t stretch into future years.”
The Accenture/NASCIO study highlights approaches and success factors that can advance innovative practices in state government, complete with examples of leading practices of state CIO innovation governance structures, ecosystems, budgeting for innovation and recommendations to help state CIOs develop operating models and initiatives that can drive innovation in state government.