According to a new survey, many states lack the proper resources to adequately protect some of their citizen’s most personal information. The NASCIO / Deloitte survey also found that internal and external threats to personal identifiable and personal health information are growing.
In a report entitled, “State Governments at Risk: A Call to Secure Citizen Data and Inspire Public Trust,” 79 percent of State Chief Information Security Officers (CISOs) said their budgets for cybersecurity were cut or remain stagnant in the face of increasing threats. “Unprecedented budgetary cuts across state governments and growing reliance on contractors and outsourced IT services are creating an environment that is even harder to secure, and the report highlights the growing concerns of CISOs in this regard,” Steve Fletcher, president of NASCIO and CIO of the State of Utah, said in a statement.
But the problem is not just funding, says Deloitte’s Srini Subramanian. “Many state CISOs lack the visibility and authority to effectively drive security down to the individual agency level,” Subramanian said.
For this reason, the joint study suggested that states focus on governance and strategy to help CISOs receive the statutory support they need to raise the level of cyber awareness in their state, as well as the technical guidance to achieve security compliance.
Another key component of the study said that states must do a better job managing how contractors, service providers and other third party vendors handle sensitive and critical citizen data. Subramanian mentioned that President Obama has appointed a cybersecurity coordinator to address the issue, adding that governors and state legislators should make similar commitments to protecting citizen data.