A new survey from the National Association of State Chief Information Officers (NASCIO) finds that state chief information security officers (CISOs) have gained considerable strength and authority over the past few years.
CISOs cite state governments rapidly migrating operations and services to virtual environments – and expedited digital transformation efforts – as the source of their growing strength and authority. Due to the efforts of CISOs, NASCIO found that state agencies were able to “continue providing high-quality service to their constituents, despite the challenges imposed by a global pandemic.”
“State CISOs played critical roles helping the country successfully navigate the twists and turns of the pandemic, and this year’s survey identifies the steps needed to grow this increasingly public role and meet the current and future challenges faced by state agencies,” said Meredith Ward, director of policy and research at NASCIO and a co-author of the study.
The 2022 Cybersecurity Study, conducted in partnership with Deloitte, is based on survey responses from CISOs in all 50 states and three territories about current cybersecurity trends, challenges and opportunities.
In terms of their growing importance and authority within state governments, the survey found that all 50 states now have a CISO, and many are establishing new positions for chief privacy officers, chief risk officers and identity program directors.
Additionally, the survey finds that state legislatures are increasingly looking to codify the role of the CISO into state law and to fund the position. Legislatures are also codifying cyber initiatives into state law, such as enterprise risk management frameworks, cybersecurity legislative councils and cybersecurity training.
States also are increasingly relying on information and findings from CISOs to make decisions, with an increasing number of states requiring CISOs to provide periodic reports to senior state officials – such as the governor, legislature and agency secretaries.
In terms of what CISOs are working on, the survey finds they are looking to establish and activate a shared security services approach to “enable a whole-of-state approach to protecting local governments and public higher education institutions.”
And as the coronavirus pandemic lessens, CISOs have played an increasing role in the evaluation and implementation of new technologies statewide. CISOs are also focused on migrating state apps to the cloud as remote work, digital and mobile platforms have “become part of the fabric of daily life by which people work, communicate and transact.”
But while CISOs are seeing gains in importance and authority, they are still dealing with difficult obstacles. Those include the lack of cybersecurity professionals and other staff, which remains among the top five barriers cited by state CISOs. NASCIO found this year that demand for high-skilled workers has grown even more acute for public and private sector employers.
While cyberattacks have grown in both number and sophistication, headcounts for state cybersecurity professionals remain roughly the same as in 2020, and more than 60 percent of CISOs report gaps in competencies among their staffs, the NASCIO report says.