Closing digital divide will boost cyber too, NASCIO says

The digital divide, the gap between people who have access to digital technology and those who do not, is often used to describe the lack of high speed internet access in rural and small communities. A new report from the National Association of State Chief Information Officers shows that the same communities affected by the digital divide also face disproportionate challenges in securing their digital environments.

The report, published Thursday, lays out barriers for these communities, such as the lack of adequate funding and cyber awareness, and offers recommendations for how states can further expand the whole-of-state model by taking a more inclusive approach to cybersecurity, including training, interagency partnerships and investing in more platforms with built-in security features.

As the world increasingly relies on digital platforms for government services, financial transactions, communication and personal data storage, the risks associated with cyber threats has increased. According to Sophos, a cybersecurity research platform, 34% of state and local government organizations were hit by ransomware in 2024.

“Cybersecurity criminals target small local governments, K-12 schools and underserved communities because they lack the resources and capabilities to thwart these attacks,” NASCIO’s report reads.

More money, more problems

In a separate NASCIO cybersecurity study published last September, state CISOs indicated that while their cybersecurity budgets are rising, they are not increasing at the same rate as cyber threats. The report urged states to increase cybersecurity budgets to sufficiently address the needs of all state residents, including those in underserved communities.

NASCIO’s latest report notes that in municipalities, however, funding is not the only obstacle to improving cybersecurity.

“First, officials in smaller, local agencies often lack cybersecurity training and awareness resulting in a lack of basic cyber hygiene,” the report states. “Second, cybersecurity infrastructure within local agencies may not be up to state standards and requirements.”

Additionally, local governments that receive funding without direction can lead to cybersecurity hardware and software purchases that officials cannot fully utilize because of what the report calls, “digital exclusion,” such as the lack of digital literacy programs and modern technology infrastructure, a situation that can increase risks for underserved communites.

Another challenge to cybersecurity expansion facing communities is population density.

“States with large rural areas and few metropolitan areas see a majority of the population concentrated in major cities, making it difficult to keep momentum behind initiatives intended to benefit underserved communities,” the report states.

A more inclusive approach

To address the cybersecurity challenges facing government agencies and to bridge the digital divide, the report recommends states take an inclusive approach to cybersecurity and privacy that prioritizes making critical security technologies available to everyone, regardless of their resources, capabilities or demographics.

As an example, the report points to the State of Idaho, which is increasing cybersecurity competency, state and local collaboration and fostering trust by reinforcing localities with skilled cybersecurity professionals. It also points to New Hampshire’s Municipal Cyber Defense Program, which provides grant-funded cybersecurity training to municipal entities and residents through intra-agency partnerships between the Department of Information Technology, Department of Safety and the Public Risk Management Exchange.

The NASCIO report also urges state and local governments to maximize state, local and education cybersecurity funding by providing cash to localities that have detailed spending plans to address their needs. It also encourages adoption of .gov domains for all local government websites and applications and the development of intra-agency cybersecurity campaigns and the promotion of cybersecurity as a vital, nonpartisan issue in state legislatures.

“For states, prioritizing cybersecurity in underserved communities is not just a matter of protecting data but also of ensuring equal access for all citizens,” the report concludes.