2012 Deloitte-NASCIO Cybersecurity Study
State governments at risk: A call for collaboration and compliance
The second biennial Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study, conducted in the summer of 2012, assessed the security of state digital data and cyber assets administered by state chief information security officers (CISOs). CISOs from 48 states, and two US territories, participated in the survey. 63 business official stakeholders from a broad cross-section of states responded to a parallel survey. The study highlights the challenges that states and chief information officers (CIOs)/CISOs face in protecting states’ critically important systems and data. The survey results call for a greater collaboration among state CIOs/CISOs and business/program leadership of the executive branch agencies and elected officials.
"The states have the most comprehensive information about citizens from birth to death, from doctor visits to tax information and benefits information,” says Srini Subramanian, leader of Deloitte’s security and privacy practice to state governments and one of the report’s authors. “States have the most comprehensive information compared to any private sector organization.” — “Report: States Face Growing Cybersecurity Threats,” Stateline: The Daily News Service of the Pew Center on the States, October 26, 2012.
Less than one quarter (24 percent) of CISOs are very confident in their states’ ability to guard data against external threats, according to the just-released 2012 Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study.
Moreover, while some threats to state information technology (IT) security diminished since 2010, the increasing sophistication of cyber-attacks presented a new set of challenges to state officials tasked with safeguarding citizens’ personally identifiable information (PII).
Key findings of the Deloitte-NASCIO 2012 study include:
- Budget a continued problem: More than four out of five (86 percent) CISOs reported that insufficient funding posed the most significant barrier to addressing cyber security issues at the state level.
- Shortage of IT talent: The inadequate availability of cyber security professionals ranked among the top five barriers to addressing cyber security.
- New officials, same challenges: Despite the significant rate of turnover since the initial survey (31 new state CIOs and 22 new state CISOs since 2010), the challenges reported in the survey are remarkably similar, highlighting ongoing issues within state offices of information technology.
- State officials value a security agenda: A parallel survey targeting a limited cross-section of state business and elected officials shows that cyber security is indeed on their radar – 92 percent of respondents ranked cyber security as “most important” or “very important.”
As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.