The Cybersecurity Industry is Booming – But Local Government Suffering


Cybersecurity it a booming industry, with a zero unemployment rate and, globally, one million unfilled jobs, with this shortfall expected to grow by 50 percent in the next two years according to expert opinion. Local governments are feeling the pain in this area, finding it increasingly difficult to attract and keep cybersecurity expertise.

The inability to pay competitive salaries, insufficient experienced staff, and a general lack of funds present serious barriers to local governments achieving the highest levels of security. This is according to a survey of local government CIOs conducted by ICMA, the International City/County Management Association, in partnership with the University of Maryland Baltimore County.

The Cybersecurity 2016 Survey was conducted in order to better understand current local government cybersecurity practices, as well as see what their related issues are. The survey looked at what capacities cities and counties possess, what kind of barriers they face, and what type of support they must have to implement effective  programs.

Despite nearly a third (32 percent) of respondents reporting an increase in cyber-attacks during the past 12 months, 58 percent indicated that the inability to pay competitive salaries was a prohibitive factor the prevented them from achieving high levels of security. Fifty-three percent cited an insufficient number of cybersecurity staff as the primary obstacle, and 52 percent said it was a general lack of funds.

The public sector pays considerably less than the private sector for expertise in this field. This places further pressure on U.S. local governments to find ways to fund compensation in this explosive industry.

When asked to rank the top three things most needed to ensure the highest level of security for their local government, respondents cited greater funding as number one, better cybersecurity policies as number two, and greater cybersecurity awareness among local government employees as number three in importance.

“As local governments become increasingly reliant on technology and the Internet, they must also become increasingly diligent about the security they provide for the data and information they collect and manage,” said ICMA Executive Director Marc Ott. “Because the costs to restore compromised data are staggering, local governments must understand what resources they need to achieve their cybersecurity objectives and ensure the safety of their data. The results of the ICMA-UMBC Cybersecurity 2016 Survey can help local leaders identify and evaluate critical resource shortages.”

Other highlights of the ICMA/UMBC cybersecurity survey results include:

  • Only 1 percent of responding local governments have a stand-alone cybersecurity department or unit. Primary responsibility for security is most often located within the IT department.
  • Roughly 62 percent of responding jurisdictions have developed a formal policy governing the use of personally-owned devices by governmental officials and employees.
  • Nearly 70 percent of responding local governments have not developed a formal, written cybersecurity risk management plan, but nearly 41 percent conduct an annual risk assessment and an additional 16 percent take stock of their risk at least every two years.

The 2016 Survey was mailed (with an online option) to the chief information officers of 3,423 U.S. municipalities and counties with populations of 25,000 or greater. Responses were received from 411 local governments for a response rate of 12 percent.

Review the complete results of the survey at: Cyber Security 2016 Survey Results.

Carlos Casanova

Carlos Casanova

Carlos Casanova is an internationally known speaker, IT architect, leadership advisor, and co-author of The CMDB Imperative. He has over two decades of hands-on experience guiding CIOs and Sr. Leadership to achieve effective IT operations and improve ROI from infrastructure investments. His expansive experience enables him to quickly assess their true needs and achieve better business outcomes. He takes the complexity out of today's cluttered IT and business environments to simplify their goals in order to accelerate achievement and success.