State Cybersecurity Budgets Declining

Federal agencies maintain a lot of personal information on their computer networks and systems, but it's actually state governments that are the "custodians of the most comprehensive collection of citizens' personally identifiable Information," according to the National Association of State Chief Information Officers. And yet, 79 percent of state cybersecurity chiefs report stagnant or cut budgets, despite an increase in internal and external threats.

Federal agencies maintain a lot of personal information on their computer networks and systems, but it's actually state governments that are the "custodians of the most comprehensive collection of citizens' personally identifiable Information," according to the National Association of State Chief Information Officers. And yet, 79 percent of state cybersecurity chiefs report stagnant or cut budgets, despite an increase in internal and external threats.

NASCIO and Deloitte conducted a survey of states chief information security officers -- 49 of which responded. Here are some of the findings:

  • Between 2009 and 2010, 46 percent of state CISOs saw budgets decrease; 33 percent said their budgets remained the same.
  • 11 percent of respondents said 0 percent of the department's IT budget is allocated specifically to information security; 50 percent said 1 to 3 percent is.
  • When asked to identify the major barriers in addressing information security, 88 percent pointed to lack of funding. Fifty-six percent pointed to the increasing cyber threat, and 40 percent to inadequate availability of security professionals.

"Many state CISOs lack the visibility and authority to effectively drive security down to the individual agency level," said Srini Subramanian, director of Deloitte's state government security and privacy services. "At the federal level, the president has recognized the critical nature of the problem and appointed a cybersecurity coordinator to address it. It's imperative that governors and state legislative leaders make cybersecurity a priority."

NEXT STORY: A DNI Legal Leak