Nearly three-quarters of state chief information security officers say the likelihood of AI-enabled threats is “high”
NEW ORLEANS, Sept. 30, 2024 – The 2024 edition of the biennial cybersecurity report from Deloitte and the National Association of Chief Information Officers (NASCIO) found 86% of state chief information security officers (CISOs) say their responsibilities are growing, yet more than one-third do not have a dedicated cybersecurity budget. Four of the 51 state CISOs surveyed said their state IT budgets allocate less than 1% for cybersecurity.
“The ability of government to deliver on its mission depends on data – and on the security of that data,” said Srini Subramanian, principal, Deloitte & Touche LLP and Deloitte’s global government and public services consulting leader. “The attack surface is expanding as state leaders’ reliance on information becomes increasingly central to the operation of government itself, and CISOs have an increasingly challenging mission to make the technology infrastructure resilient against ever-increasing cyber threats.”
Despite the growing importance of cybersecurity, many state CISOs indicated resources aren’t keeping pace with the growing sophistication of threats. Federal agencies generally earmark more than 10% of their IT budgets for cybersecurity, yet many states have not dedicated resources at the same pace.
The 2024 biennial Deloitte-NASCIO report surveyed state CISOs from all 50 states and the District of Columbia. The emergence of generative artificial intelligence (GenAI) – and its potential benefits and risks – was top of mind for many state technology leaders. Nearly three-quarters of respondents (71%) believe the risk of AI-enabled threats is “high.” However, 41% lack confidence in their team’s ability to handle them.
Legacy systems with outdated technology, particularly in public infrastructure such as transportation, water and power, are specific areas of concern.
While acknowledging the potential threat of AI, state CISOs are increasingly turning to AI and GenAI tools to shore up their cybersecurity capabilities. A total of 21 said they are already using GenAI to improve security operations, while another 22 plan to adopt GenAI within the next 12 months.
“The good news is many state CISOs have been able to increase employee headcounts, adding specialists to their teams who are focused on cybersecurity-related issues,” said Meredith Ward, deputy executive director at NASCIO and a co-author of the 2024 Deloitte-NASCIO report. “In 2020, 16% of CISOs had fewer than five employees dedicated to cybersecurity initiatives. Today, that percentage has dropped to just 4%. In addition to growing their teams, our research found these leaders are determined to find creative solutions to protect their organizations and the public.”
Nearly every state CISO reported they are involved with developing state GenAI strategy and security policy; only two did not.
Cyber threats will continue to evolve in scale and complexity, making collaboration among state CISOs, their stakeholders and government partners more important than ever.
Since 2010, Deloitte and NASCIO have conducted biennial surveys of state CISOs to provide state leaders with an update on the cybersecurity threat landscape, as well as insights to help them protect the public’s data and secure their digital systems.
The 2024 Deloitte-NASCIO Cybersecurity Study can be viewed in its entirety here.
About Deloitte
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 8,500 U.S.-based private companies. At Deloitte, we strive to live our purpose of making an impact that matters by creating trust and confidence in a more equitable society. We leverage our unique blend of business acumen, command of technology, and strategic technology alliances to advise our clients across industries as they build their future. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Bringing more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s approximately 460,000 people worldwide connect for impact at www.deloitte.com.
About NASCIO
The National Association of State Chief Information Officers is the premier network and resource for state CIOs and a leading advocate for technology policy at all levels of government. NASCIO represents state chief information officers and information technology executives from the states, territories, and the District of Columbia. For more information about NASCIO visit www.nascio.org.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.
SOURCE Deloitte
Leave a Reply