A new report from Deloitte and NASCIO shows that public sector response to cybersecurity is evolving rapidly as IT shops work to gain a foothold against increasingly sophisticated threats. Still, the old problems of insufficient funding and top-level buy-in, along with a shortage of skilled talent willing to work in the public sector, are leaving government vulnerable.
Report data shows that while nearly half of CISOs have reported an increase in their budgets, that increase wasn’t enough to bridge the widening needs gap. Respondents said a lack of resources and funding was the biggest barrier to battling cyber threats. The number of IT shops reporting a lack of qualified talent also jumped up to 59% this year, compared to 46% in 2012.
Funding for cybersecurity efforts comes from a range of sources. According to the data, almost half (49%) comes from DHS, while the remaining half is divided among programs, state funding, state emergency management, other federal funding, and some provisions within the Affordable Care Act. This mix goes to cover awareness and communication costs; compliance and risk management; incident response; infrastructure protection; and security consultants.
The role of CISOs is also changing. The responsibilities of the position are becoming more consistent state to state. “CISOs today are responsible for establishing a strategy, execution of that strategy, risk management, communicating effectively with senior executives and business leaders, complying with regulators, and leading the charge against escalating cyber threats using various security technologies,” report authors write.
CISOs are also being tasked with briefing both the government itself and individuals when a breach occurs. As a result, CISOs are actively looking for ways to establish metrics or other types of measurement systems that set benchmarks for success and make those explanations easier.