Third-party breaches and AI dominate state CISOs’ threat concerns

State CISOs face evolving challenges in 2024: The latest Deloitte-NASCIO Cybersecurity Study reveals that state Chief Information Security Officers (CISOs) are grappling with expanding responsibilities and emerging threats while contending with persistent workforce and funding issues.

  • The average tenure of state CISOs has decreased from 2.5 years in 2022 to 1.9 years in 2024, with hiring for these positions often taking six months or more.
  • Many CISOs now oversee privacy responsibilities, with 86% of states having CISOs handle privacy matters, up from 60% in 2022.
  • The top cybersecurity threats identified by CISOs include security breaches involving third parties, AI-enabled attacks, and foreign state-sponsored espionage.

AI presents both challenges and opportunities: While CISOs express concern about AI-assisted cyber attacks, they also see potential in leveraging generative AI for their own security efforts.

  • 71% of CISOs consider AI-assisted attacks a “very” or “somewhat” high threat.
  • 41% of CISOs are currently using generative AI in their security work, with an additional 43% planning to implement it within the next 12 months.
  • Most CISOs are involved in developing their state’s generative AI strategy and policy, although greater involvement in the procurement process is desired to ensure security is adequately addressed and funded.

Workforce challenges persist: Recruitment and retention of cybersecurity talent remain significant hurdles for state governments.

  • Limited hiring budgets and lengthy hiring timelines continue to impede recruitment efforts, particularly for mid- and high-level positions.
  • Only 47% of CISOs believe their workforce possesses all the necessary competencies.
  • States are exploring various strategies to address workforce gaps, including succession planning, internship programs, and promoting movement between public and private sectors.

Reliance on third-party support grows: Many state CISOs are turning to outsourced services to supplement their in-house capabilities.

  • 76% of CISOs use outsourced security operations centers with 24/7 monitoring.
  • However, about a quarter of CISOs express low confidence in their business partners’, contractors’, and service providers’ cybersecurity practices.
  • CISOs are also concerned about the cybersecurity posture of local governments and higher education institutions.

Budget constraints hamper cybersecurity efforts: With pandemic relief funds dwindling, CISOs are facing renewed financial pressures.

  • Only 51% of CISOs report having adequate funding to meet legal and regulatory requirements, down from 58% in 2022.
  • Nearly 40% of states lack a dedicated cybersecurity budget line item, instead funding it from the overall IT budget.
  • While grant programs like the State and Local Cybersecurity Grant Program offer some assistance, CISOs emphasize the need for sustained, recurring funding to address ongoing cybersecurity threats effectively.

Looking ahead: The need for sustainable solutions: As state CISOs navigate an increasingly complex threat landscape, the call for more robust and consistent support grows louder.

  • CISOs advocate for a reliable stream of recurring funding, similar to highway funds, to address the continuous nature of cybersecurity threats.
  • Improved succession planning and workforce development strategies are needed to ensure continuity in leadership and skills within state cybersecurity teams.
  • Greater collaboration between CISOs, procurement teams, and policymakers could lead to more comprehensive and effective cybersecurity strategies at the state level.
NASCIO: Third-Party Breaches, AI Top CISOs’ Threat Lists
