This year’s class of state chief information officers may enjoy an unprecedented opportunity to mature in their roles as IT leaders, the head of the National Association of State Chief Information Officers said Thursday.
Within the past 15 years, only three state CIOs have lasted more than 10 years, said NASCIO Executive Director Doug Robinson. Most are out within roughly two years, in part because new governors almost always appoint their own cabinet-level technology officials, but at least four state CIO offices have survived the recent round of 21 gubernatorial transitions, including California’s Amy Tong, Idaho’s Jeffrey Weak and Greg Zickau, South Dakota’s Pat Snow, and, most notably, Kansas’ Lee Allen, who survived a party switch under newly inaugurated Democratic Gov. Laura Kelly.
Eleven new CIOs have been appointed so far this year, according to NASCIO. A handful of CIOs have stepped down in recent weeks in anticipation of incoming administrations — former Florida CIO Eric Larson stepped down earlier this month following the inauguration of Gov. Ron DeSantis — while several others await their new governors’ decisions. A CIO is often among the last roles an incoming governor will appoint, Robinson said last November.
Exactly what the unusual and “surprising” retention of several CIOs could mean for state government is unclear, Robinson said, because there’s very little data on longstanding CIOs. Anecdotally, though, CIOs who have been allowed to stay in their roles for many years enjoy a chance to work in a more optimized way, he said.
“The continuity of leadership at that position is beneficial,” Robinson said. “This next group of CIOs and the ones that have got to stay for maybe an additional four-year term or maybe eight-year term, will be interesting for us to monitor.”
Speaking during a webinar hosted by NASCIO and the Public Technology Institute, an organization for local-government CIOs, Robinson also highlighted several other upcoming changes for 2019 that state IT leaders can expect, such as a shift in cyberthreats.
“It’s not all about the theft of data anymore,” he said. “It’s about disrupting the continuity of government.”
NASCIO survey data shows that cybersecurity awareness training is more prevalent as it’s now mandatory in about half of states, but “there’s still a long way to go,” Robinson said.
“We were stalled for several years, but if you look at the metrics, cybersecurity maturity in states is improving,” he said.
State chief information security officers also think there’s a long way to go, as they cite budget and difficulty paying for top-tier cybersecurity talent as their top concern.
PTI Executive Director Alan Shark said a similar cybersecurity trend can be found in local government, where 64 percent of organizations report having established a program for cybersecurity awareness training. But when it came time to validate whether organizations were using their programs or enforcing what was taught, “that’s where things got hard to measure,” Shark said.