Inadequate cybersecurity staffing is the second-largest barrier faced by state governments in their attempts to overcome cybersecurity challenges, according to a newly released Deloitte study . Insufficient budget was the biggest barrier reported, and interestingly, the lack of availability of cybersecurity professionals was cited as the fifth largest barrier.

Inadequate staffing has been a prevalent issue for years. (ISC)²’s 2019 Cybersecurity Workforce Study estimates the shortage of needed skilled professionals is more than 4 million worldwide. This creates challenges for CISOs as they focus on protecting their organizations.

The Deloitte study, which is based on responses from 51 U.S. states and territories, says that even as the CISO position “has evolved into a mature and respected role,” CISOs still “struggle with the challenges of securing adequate budgets and talent, as well as coordinating a consistent security implementation across agencies.” These are longstanding challenges for state governments, and the study reveals that the COVID-19 pandemic has amplified the need for states to modernize their digital and cybersecurity operations.

The study was conducted by Deloitte and the National Association of State Chief Information Officers (NASCIO) in April and May 2020, as the first wave of the pandemic was hitting its peak in many places.

Pandemic Effects

The sudden shift from the office to home environments affected not only government agencies but also private enterprise. (ISC)²’s COVID-19 Cybersecurity Pulse Survey found that 90% of respondents had implemented work-from-home policies. The expansion of remote environments widened the cyber attack surface, but in the rush to set up those environments, nearly half of respondents (47%) were reassigned from cybersecurity to other IT tasks.

The Deloitte study reports that state CISOs responded to the pandemic by establishing safeguards for teleconferencing and remote collaboration and providing guidance on phishing. However, an increase in “incidents of financial fraud involving information systems” still occurred, and more are expected in the year ahead.

Another issue state CISOs have had to contend with is poor coordination with local governments. “Only 28% of states reported that they had collaborated extensively with local governments as part of a security program during the past year, with 65% reporting limited collaboration.”

While states provide services to local governments such as incident response, security management operations, network and infrastructure, strategy, governance and risk management, the study says only 27% are delivering cybersecurity training. In addition, 40% of states use a federated model for cybersecurity, but the study suggests a centralized model covering multiple agencies would be more beneficial.

Same Issues

The Deloitte study’s findings demonstrate that government agencies struggle with many of the same issues as private companies when it comes to cybersecurity. Whether you’re in government or the private sector, defending against cyber attacks requires proper funding and staffing. The (ISC)² Cybersecurity Workforce Study offers suggestions to address the issue.