top of page



Cybersecurity: States and Cities Shouldn't be Distracted

While it is possible to put off other problems, no government can afford to ignore cybersecurity. Yet, many local governments are woefully under prepared for a cyber-attack according to a piece we’ve written for the Government Finance Officers Association journal, GFR (p. 90) We recommend that you read the full piece; that which follows in this blog item should convince you of that.

A 2018 survey from Public Technology Institute noted that only 35 percent of local government IT departments had a strategic plan for cybersecurity. Last year, another small survey referenced in a report by PTI and the National League of cities revealed that 80 percent of respondents identified lack of funds as a barrier in achieving the highest possible level of cybersecurity.

In a day when the nation is riddled with woes and fears – and coronavirus justifiably dominates the headlines -- this is an issue that shouldn't go on a way back burner.

As we wrote, “While it may be possible to put off other problems for local government, no government can afford to ignore cybersecurity. . . It’s not like you can say we’re small and nobody will pay attention to us,” said Teri Takai, co-executive director of the Center for Digital Government. . .

“There might be several hundred attempts (at cyberbreaches) in any given day,” said Meredith Ward, director of policy and research at NASCIO, the National Association of State Chief Information Officers. “Someone will be knocking on your door all the time.”

NASCIO and the National Governors Association are trying to confront the issue.

At the beginning of this year, they published a report about ways states can help local government with cybersecurity. It indicated that about two-thirds of the states provide cyber-security services for their local government, but only a little a third of the states market those services, putting the onus on states to do more outreach, Ward told us.

Not to put to sharp a point on it, but it feels to us like there’s a certain similarity toward local approaches to cybersecurity and their pandemic preparedness. They all know that they ought to be doing something, but it’s all too easy to put off until disaster strikes.


bottom of page