County & Local

On cybersecurity, local IT officials still struggle to gain leaders’ interest

CompTIA's Public Technology Institute found that local cyber budgets increased slightly over the past year, but many elected officials still aren't tuning in.

By Benjamin Freed

October 27, 2021

(Getty Images)

A majority of city and county IT executives said their cybersecurity budgets increased over the past year, according to a survey published Wednesday by the Public Technology Institute, the local-government arm of the industry group CompTIA. But while the annual survey found that 59% percent of IT executives reported having more money for security than in 2020, 58% still say their financial resources are insufficient to counter cyber threats and support cloud initiatives.

While PTI called that figure “worrisome,” it is an improvement from the 64% of local IT officials who shared those budget woes in 2020. Funding levels were also found to have been improved slightly by recent rounds of federal aid to state and local governments, with some of that money being “specifically directed towards network monitoring and in some cases replacement of aging and hard to secure digital infrastructure,” the survey found.

The survey is an annual canvass of PTIs members, about 75 of whom responded to this year’s query, according to CompTIA.

Meanwhile, cybersecurity awareness among the city and county leaders was found to be mixed. Only 22% of respondents said their local leaders were “very engaged” with cyber policies, while 51% said leaders were “somewhat engaged” and 22% said leaders were not engaged at all. That disinterest is a nagging issue for PTI, its executive director, Alan Shark, said in a press release.

“The results of this year’s survey show that local technology leaders continue to struggle with budgets and with bringing more local officials into the decision-making process when it comes to cybersecurity programs,” Shark said.

The survey did find a few brighter trends, though. Eighty-one percent of local IT leaders said their governments have enterprisewide policies for employees’ online behavior, while 73% said they’d reviewed or revised cybersecurity policies in the past 12 months. And 92% said they offer cyber hygiene training to government workers, with nearly two-thirds saying training is offered year-round, instead of just once a year — though in 24% of jurisdictions, elected officials and other senior leaders can skip the training.

“Security awareness training comes in multiple forms. Regardless of the form you have, it is critical to do awareness training continuously so users remain vigilant in your organization’s efforts to prevent and defend against attacks,” Michael Dent, the chief information security officer for Fairfax County, Virginia, is quoted as saying in the report.

Despite the struggles for funding and attention from local leaders, though, the PTI survey found better relations between local IT executives and their state-level counterparts. Three-quarters of respondents rated their collaborations with state IT and cybersecurity offices as “excellent” or “fair,” a trend the survey credits to CompTIA’s longstanding relationship with the National Association of State Chief Information Officers.