The Public Technology Institute, a membership group for IT officials serving cities and counties, on Wednesday released findings from a cybersecurity survey showing that nearly two-thirds of officials believe their budgets are inadequate to support their cyber programs.
The group’s annual survey, called the Local Government Cybersecurity National Survey, provides an overview of how city and county officials are thinking about cybersecurity and preparing for changes. The findings come as federal grant programs, such as the State and Local Cybersecurity Grant Program, funnel cyber funding through states down to the lower levels of government.
In addition to reporting a shortage of cybersecurity funding, officials also reported mixed levels of engagement with their IT security programs. Just 23% described themselves as “very engaged” in their organization-wide cybersecurity efforts, 67% are “somewhat engaged” and 10% said they were not engaged at all.
Despite funding shortages, PTI, which was purchased in 2019 by the nonprofit trade and certification association CompTIA, also found its membership is putting more money into protecting its networks and data. Fifty-five percent of survey respondents said their cybersecurity budgets have increased this year, while only 7% percent reported decreases.
Local officials ranked “cybersecurity strategy” as their top priority over the next 12 months, followed by risk assessments, malware detection and mitigation, multifactor authentication, zero trust architecture and artificial intelligence.
They also named their top cybersecurity challenges. Increasing sophistication of threats was ranked as the top challenge, followed by staffing shortages, legacy infrastructure and decentralized infrastructure.
Alan Shark, PTI’s executive director, said in a press release that the survey reflects local government’s recognition of cybersecurity as an “organization-wide priority.”
“Many organizations are implementing programs that promote cross-training, internships, and other opportunities to improve the capabilities of our cyber workforce,” Shark said.
The first portions of the $1 billion tranche of cybersecurity funding provided through 2021’s $1.2 trillion infrastructure spending law started flowing this year to local governments around the country to plug gaps in their staffs and toolsets. The funding, which is being distributed over four years, however, is also widely recognized to be only a small investment for what’s widely recognized as government’s most pressing and pervasive technology concern.
Some states, recognizing the dire shortage of cybersecurity staffing and other resources in their local governments, are foregoing the 20% allotment of federal funding for their own agencies and instead passing all funds down to their local governments.