Only one has a cabinet-level official dedicated to the issue
By Katherine Barrett & Richard Greene | Governing magazine
A spike in cyberattacks in recent months has left state and local governments reeling. Baltimore faces more than $18 million in losses following a May ransomware attack. Several Florida cities were hit in June. And Los Angeles police data was hacked in late July.
A 2018 report from the National Association of State Chief Information Officers (NASCIO) found one unidentified state undergoing 300 million attacks a day — up from 150 million two years before. Cybersecurity and risk management is at the top of CIOs’ list of 10 priorities for 2019, according to an annual NASCIO survey.
Rhode Island was making it the biggest priority. In 2017, it became one of only two states with a cabinet-level cybersecurity position. (The other is Idaho, according to Meredith Ward, NASCIO’s director of policy and research.)
But this pioneering approach wasn’t long-lived in Rhode Island.
Last month, the position was removed from the state’s 2020 budget. High-level officials in the state, including its CIO, are confident that cybersecurity will continue to be a priority, but others worry it will receive less attention.
Cybersecurity must be given precedence by governments of all sizes. As communications subject to the Freedom of Information Act and public records request, licenses and permits, and sensitive tax and financial data are increasingly digitized, it is imperative that governmental entities take the utmost care to avoid risk exposure.
Baltimore showed hackers can and will hold government information hostage. Many organizations have developed best practices for data security, including the National League of Cities. Governmental entities would be wise to invest in cybersecurity measures and implement training now rather than facing the wrath of voters after their systems are breached.