Here are some highlights from studies released thus far in 2010, 2012, 2014 and 2016:
- The first time NASCIO documented the number of enterprise wide CISOs in states was in 2006 when 83% of states had a state CISO. 10 years later, as reported in the 2016 study, that number was 100%.
- In early iterations of the study, CISOs were very much focused on governance, strategy and budget. The budget-strategy disconnect was a key theme for a few years in a row, but in 2016, governor-awareness was on the rise and cyber was becoming part of the fabric of government operations.
- In 2016, we also saw evidence that a formal strategy and better communications lead to greater command of resources.
- In 2010, 2012 and 2014, the thing that states were outsourcing the most was threat monitoring. In 2016, cyber threat risk assessments took the top spot.
- In 2016, most states' cyber workforce numbers remained the same and salary was named as a barrier to develop, support and maintain cybersecurity workforce.
When the report is released, take notice of a few things: there are bold plays in the report, which are recommendations for state CISOs and CIOs to disrupt the status quo. There is also information on the state of cybersecurity in state budgets, talent and increasing cyber threats. And finally, you'll notice that, for the first time, all 50 states responded!
The 2018 Deloitte-NASCIO Cybersecurity Study will be released on October 23 and available on the NASCIO website www.nascio.org/stateofcyber.
Full newsletter here