The headline is alarming, but not shocking. Research from the Governing Institute, supported by AT&T and the National Cyber Security Alliance (NCSA), reveals that 80% of elected and appointed officials, along with their staff, have no idea whether their state has a cyber-emergency plan in place. For the survey, the Governing Institute quizzed state elected and appointed officials, as well as legislative staff members from across the country. The goal of the research was to gage how involved and how informed elected officials are when it comes cybersecurity.
It's no secret that lawmakers have dropped the ball on security, but when you run the numbers it becomes more apparent. In 2015, The Salt Lake Tribune reported that Utah's secure government networks faces up to 300 million cyber-attacks each day. To put the number into perspective; In 2013, The Deseret News reported that the network faced 20 million attacks per day. It's safe to assume that the number of attacks will continue to increase, however cybersecurity has remained on the back burner for many lawmakers.
"We found that, although legislators know the risks are high, many are not as involved as they could be and significant cybersecurity gaps remain," said Todd Sander, Vice President of research for the Governing Institute.
The research found that more than 80% of respondents agree that cybersecurity is a priority for them, and more than 70% believe their state's risk of a cyber-attack is moderate to high. While most officials acknowledged the threat, only 18% of legislators surveyed actually sit on a committee focused on cybersecurity.
We all know that lawmakers face funding issues when it comes to cybersecurity, and it's no secret that the information security industry, as a whole, is majorly lacking in qualified professionals. Those factors should be considered, but it's alarming that only 18% of respondents reported taking proactive steps and advocating for stronger security on committees. If these numbers don't drastically increase, then we are in for a long road ahead.
There is a silver-lining in all of this, as 87% of respondents agree that they would like to further their information security education. Judging from the survey results, I think it's safe to say that 100% of respondents should pursue a higher education when it comes to cybersecurity.