Security is again the top priority of state chief information officers following a number of high-profile breaches at the state level that has brought the issue of cybersecurity all the way to the governor’s mansion, according to a new survey from the National Association of State Chief Information Officers.
The survey ranks the top 10 priorities for state CIOs in 2014 and included input from 51 CIOs from across the country. Security, a long-time member of the list, topped this year’s ranking, followed by consolidation, cloud services and enterprise portfolio management.
Strategic IT planning, budget and cost control, mobile services, shared services, FirstNet and health care rounded out the list.
The 2014 priorities align with the results of the Annual State CIO Survey conducted by NASCIO in partnership with TechAmerica and Grant Thornton.
NASCIO President and Mississippi Chief Information Officer Craig Orgeron, who testified before a congressional subcommittee last week on the growing need for cybersecurity resources at the state level, said malicious actors have turned their attention toward state governments because of the federal government’s efforts to become more secure.
“It is significant that security has now risen to the No. 1 priority on our top 10 list,” Orgeron said. “As I presented in congressional testimony before the Committee on Homeland Security last week, cyber-attacks against state governments are growing in number and becoming increasingly sophisticated. Security has to be the top priority for all sectors. Clearly, from our top 10 voting results, the state CIOs agree on this.”
Doug Robinson, executive director of NASCIO, said in an interview with StateScoop security has been a long-standing priority on NASCIO’s annual top 10 list, topping the rankings in 2005 and 2006 as well.
The recent surge, he said, comes from high-profile breaches in places like South Carolina and Utah that brought the issue of cybersecurity to state governors who want to avoid a similar situation to happen in their state.
“I don’t think cyber has reached campaign status yet, where governors and other elected officials will discuss it while running for office, but it has reached a higher level of importance,” Robinson said. “Governors see the risk that these breaches can bring to the state and financial implications they can have, so avoiding them has become a top priority for everyone involved.”
As for surprises, Robinson said he did not expect project and portfolio management, which finished fourth, to be as high on the list as it is. He said in the history of the list, strategy and process trends tend to come onto the list slower and gain steam over time, but project and portfolio management jumped onto the list after not being included in previous years.
Robinson also said he was slightly surprised disaster recovery did not make the list, although it did come in 11th place and fell just one vote shy of the 10th place finisher.
“The list gives state CIOs a chance to prognosticate what is on their mind,” Robinson said. “While each state might be a little different, the list looks to give a snapshot of what they are thinking as a whole at a given time.”