The 2024 Deloitte-NASCIO Cybersecurity Study reveals a landscape fraught with fresh challenges, particularly the extensive advancements in artificial intelligence (AI). State chief information security officers (CISOs) are striving to counter ever more sophisticated threats and build resilience in their digital systems.
### The Expanding Role of CISOs
State CISOs face an increasingly challenging mission as the attack surface expands with the growing reliance on information technology. Despite the importance of cybersecurity, many state CISOs indicated that resources are not keeping pace with the growing sophistication of threats. Federal agencies generally earmark more than 10% of their IT budgets for cybersecurity, yet many states have not dedicated resources at the same pace.
### AI-Enabled Threats
Nearly three-quarters of state CISOs believe the risk of AI-enabled threats is “high,” with 41% lacking confidence in their team’s ability to handle these threats. However, state CISOs are increasingly turning to AI and generative AI (GenAI) tools to shore up their cybersecurity capabilities. A total of 21 state CISOs are already using GenAI to improve security operations, while another 22 plan to adopt GenAI within the next 12 months.
### Budgeting and Funding
Budgeting and funding remain a significant concern for state CISOs. Four of the 51 state CISOs surveyed said their state IT budgets allocate less than 1% for cybersecurity. This lack of dedicated cybersecurity budgets is a major issue, as it hampers the ability of state CISOs to protect critical systems and advocate for additional resources to meet the growing threat.
### Legacy Systems and Emerging Technologies
Legacy systems with outdated technology, particularly in public infrastructure such as transportation, water, and power, are specific areas of concern. State CISOs are also grappling with the increasing sophistication and proliferation of threats, including exploits of vulnerabilities in emerging technologies and operational technology cyber threats.
### Cyber Workforce and Collaboration
The cyber workforce is foundational to everything, and state CISOs are determined to find creative solutions to protect their organizations and the public. Nearly every state CISO reported they are involved with developing state GenAI strategy and security policy; only two did not. Collaboration among state CISOs, their stakeholders, and government partners is more important than ever as cyber threats continue to evolve in scale and complexity.
### Conclusion
The 2024 Deloitte-NASCIO Cybersecurity Study highlights the need for state CISOs to secure a sound budgetary foundation while considering new technological capabilities to modernize operations and constituent services. With the emergence of AI and GenAI, state CISOs must navigate both the hazards and opportunities presented by these technologies to ensure the security of their digital systems. Establishing cybersecurity as a governmental priority with a dedicated budget line item can help state CISOs raise funding levels and formulate longer-term strategies to incorporate pressing priorities, such as emerging technologies.
Be the first to comment