Advertisement

Many local cyber budgets sufficient to address threats, report shows

A growing majority of local government IT leaders say their cybersecurity funding is adequate to protect their agencies from threats.
Listen to this article
0:00
Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.
magnifying glass over cash money
(Getty Images)

Cybersecurity is becoming an increasingly expensive priority for state and local governments, with more funding going to enhancing security postures through employee training, software purchases and technology improvements, according to a report published Tuesday by the Public Technology Institute, a group that supports IT officials in local governments.

The new report, which follows a survey of 200 IT leaders in city and county governments, found a positive trend when it comes to local governments’ cybersecurity budgets: 72% of IT officials claimed their budgets are adequate to address the current cybersecurity threats, including to pay for risk assessments, malware detection and mitigation strategies. That figure is an increase from the 64% reported in a survey the prior year.

The Institute’s findings are a step in the right direction for IT leaders, especially when viewed in light of recent findings in other reports showing that some cybersecurity costs are rising. The IT security firm Sophos in August published a report showing that the average cost of recovery from ransomware attacks rose to $2.83 million in 2024, more than double the $1.21 million reported in 2023.

Survey results published in September by the National Association of State Chief Information Officers meanwhile showed that 40% IT leaders said their cybersecurity measures fail to keep government and citizen data safe, partly due to lack of adequate funding.

Advertisement

Another positive trend, according to the PTI report, is an increase in a dedicated cybersecurity leadership position within local governments. In 2024, 67% reported having a dedicated role for managing daily operations and developing long-term security planning. In the previous year only 52% reported having a dedicated cybersecurity role.

“Having a CISO is growing in importance to better balance and manage cyber risk factors that affect every organization. This role places an importance on innovation and protection of critical data and systems,” the report reads.

Latest Podcasts