State IT leaders review Ponemon's 2018 Cost of a Data Breach study
September 21, 2018
Government agencies have lower data breach costs, but something less replaceable than cash at risk.
New research from the Public Technology Institute shows that security is dominating local government investment in new projects and initiatives.
Jason Shueh is a tech editor at StateScoop with a specialty for civic tech and smart city news. His articles and writing have covered numerous subj...
City and county CIOs have listed cybersecurity as their primary focus for 2017, according to a survey published Thursday by the Public Technology Institute (PTI), a government research and consulting group.
The PTI 10th annual survey indicates that city and county IT leaders are aggressively pursuing cybersecurity tools, training and strategies to confront growing attacks. The survey results show that CIOs are investing heavily in cybersecurity with 55.2 percent of respondents reporting they were either planning new investments or were already making major cybersecurity investments. The number of new cybersecurity investments trumped investments in all other categories.
Further, in the category of cloud, CIOs ranked cybersecurity tools as the third most common technology supported by cloud systems, just beneath disaster recovery and application delivery.
Initially created by a 1971 grant from the National Science Foundation, PTI is research, education and consulting association supported by the National League of Cities and the National Association of Counties. Deltek, CompTIA and GrantThornton partnered with the PTI on the research and Chris Dixon, Deltek's senior manager of SLED market analysis, said the heightened development of IT security is part of an ongoing trend the survey has recorded in the past few years.
"Definitely the most active areas of investment have been in information and security, I think this puts some numbers to the anecdotal truth that we all know instinctively," Dixon said.
The survey asked CIOs to characterize the focus of their cybersecurity programs and found most — 56 respondents — had designed programs to improve cybersecurity culture. This was followed by an emphasis on security awareness training and adoption of technology to continuously monitor vulnerability.
Alan Shark, PTI's executive director, said the top three focus areas are commonly recognized goals, but a new focus was seen in the category of cybersecurity insurance, with 41 respondents reporting that they are investigating the service. An analysis by the Department of Homeland Security said cybersecurity insurance plans offer assistance with costs that arise from data destruction, data theft, extortion, hacking, denial of service attacks and legal claims for defamation, fraud, and privacy violations.
"Cybersecurity insurance is interesting. It's almost like hedging your bets, so to speak, so that if something happens, you are somewhat prepared," Shark said. "Yet there are a lot of misunderstandings about cybersecurity insurance. It's a relatively new product — very few people that we know actually have gotten any [claims] paid as a result and we shall see how that plays out."
Yet he cautioned that cybersecurity insurance is no substitute for a strong defense, since no type of insurance can guard against a loss of public trust and, according to the DHS, most policies do not cover physical damage or bodily harm due to cyber attacks on infrastructure.
"I always tell people that with breach insurance, you can cost-justify it, but there is no excuse for sound digital hygiene," Shark said.
Apart from cybersecurity, CIOs also had a lot to say about smart city and county technologies. Most were just beginning the process of implementing different smart technologies or had not started yet. There were 50 who said that had done nothing in the area, 49 who were just beginning to adopt some of the technology and 17 CIOs who said they were already "well along" in their smart city strategy development.
The survey results say that those who had started to draft a smart city strategy saw a policy roadmap as the best way to lay a foundation. Meanwhile, the Internet of Things held the dominant place in the category of "most impactful" smart technologies in the next three to five years, an opinion supported by 84 CIOs. Artificial intelligence, at 38 respondents, and connected/autonomous vehicles, at 28 respondents, filled out the next top spots on the list.