How State Governments Struggle With Cyber-threats
State governments often have trouble hiring staffers with well-rounded cyber-security skills, leading to outsourcing many cyber-security functions.
47% of survey respondents describe phishing, pharming and other related incidents as “very high” threats, and 42% said the same about social engineering. Nearly three of 10 describe ransomware as a very high threat.
67% said they have a “documented and approved” cyber-security strategy, up from 55% who said this in 2014.
Just 31% said their state cyber-security budget has increased more than 6% this year, but that’s up from 21% who said this in 2014.
Incident response: 83%, Logical access control: 79%, Compliance and risk management: 69%, Cyber-security research and development: 57%, Audit or certification costs: 48%
73% of survey respondents said they employ the equivalent of no less than six full-time workers as part of their enterprise cyber-security team, and 22% said they’re employing the equivalent of at least 16 full-time staffers.
96% said their state’s salary rates and pay grade structures negatively impact their ability to develop, support and maintain their cyber-security workforce.
56% said their staff has gaps in cyber-security competencies.
Cyber threat risk assessments: 54%, Forensics/legal support: 44%, Cyber threat management and monitoring services: 35%, Vulnerability management: 27%, Audit log analysis and reports: 23%
45% of survey respondents said the subject of cyber-security is presented or discussed at agency/office executive leadership meetings every month, up from 30% who indicated this was happening in 2014.
30% said training and awareness will be a top cyber-security initiative for 2016, while 37% cited the implementation of monitoring/security operations centers (SOCs).
Lack of sufficient funding: 80%, Lack of cyber-security professionals: 51%, Lack of documented processes: 45%, Increasing sophistication of threats: 45%, Absence of visibility and influence within the enterprise: 33%