GSN_Apr_FINAL+links

Page 1 of 12
Cyber Threats & Solutions
Report: Municipal governments lack funding to
reach high level of cybersecurity
WASHINGTON May 2, 2017 The
inability to pay competitive salaries,
insufficient cybersecurity staff, and
a general lack of funds present serious
barriers to local governments
achieving the highest levels of cybersecurity,
according to a survey of
local government chief information
officers conducted by ICMA, the International
City/County
Management Association,
in partnership with
the University of Maryland
Baltimore County.
The goal of the Cybersecurity
2016 Survey was
to better understand current
local government
cybersecurity practices and their related
issues, including what capacities
cities and counties possess, what
kind of barriers they face, and what
type of support they have to implement
cybersecurity programs.
Despite nearly a third (32 percent)
of respondents reporting an increase
in cyber attacks to their local
government information during the
past 12 months, 58 percent indicated
that the inability to pay competitive
salaries prohibited them from
achieving high levels of cybersecurity.
Fifty-three percent cited an insufficient
number of cybersecurity
staff as the primary obstacle, and 52
percent said it was a general lack of
funds.
The public sector pays considerably
less than the private sector
“Because the costs to restore compromised
data are staggering, local governments must
understand what resources they need to
achieve their cybersecurity objectives and
ensure the safety of their data.”
for cybersecurity expertise, which
places further pressure on U.S. local
governments to find ways to
fund compensation in this explosive
industry. Currently, this booming
field has zero unemployment and
one million unfilled jobs, and experts
estimate that the shortfall will
reach 1.5 million by 2019.
When asked to rank the top three
things most needed to ensure the
highest level of cybersecurity for
their local government, respondents
cited greater funding as number
one, better cybersecurity policies as
number two, and greater cybersecurity
awareness among local government
employees as number three in
importance.
“As local governments become
increasingly reliant on technology
and the Internet, they must
also become increasingly
diligent about the security
they provide for the data
and information they collect
and manage,” said ICMA
Executive Director Marc
Ott. “Because the costs to restore
compromised data are
staggering, local governments must
understand what resources they
need to achieve their cybersecurity
objectives and ensure the safety of
their data. The results of the ICMA-
UMBC Cybersecurity 2016 Survey
can help local leaders identify and
evaluate critical resource shortages.”
Other highlights of the ICMA/
UMBC cybersecurity survey results
include:
Only 1 percent of responding lo-
cal governments
have a stand-alone
cybersecurity department
or unit.
Primary responsibility
for cybersecurity is most
often located within the IT department.
Roughly 62 percent of responding
jurisdictions have developed a
formal policy governing the use of
personally-owned devices by governmental
officials and employees.
Nearly 70 percent of responding
local governments have not developed
a formal, written cybersecurity
risk management plan, but nearly
41 percent conduct an annual risk
assessment and an additional 16
percent take stock of their risk at
least every two years.
The Cybersecurity 2016 Survey
was mailed (with an online option)
to the chief information officers of
3,423 U.S. municipalities and counties
with populations of 25,000 or
greater. Responses were received
from 411 local governments for a
response rate of 12 percent.
Review the complete results of
the survey at: http://icma.org/cybersecurity2016surveyresults.
About ICMA
ICMA, the International City/
County Management Association,
advances professional local government
worldwide through leadership,
management, innovation, and ethics.
ICMA is second only to the federal
government in the collection,
analysis, and dissemination of data
focused on issues related to local
government management. Through
expansive partnerships with local
governments, federal agencies, nonprofits,
and philanthropic funders,
the organization gathers information
on topics such as sustainability,
health care, aging communities,
38 39
Introduction
In 2016, the International City/County Management Association (ICMA), in partnership with the University of Maryland,
Baltimore County (UMBC), conducted a survey to be ter understand local government cybersecurity practices. The
results of this survey provide insights into the cybersecurity issues faced by U.S. local governments, including wha their
capacities are, what kind of ba riers they face, and wha type of suppor they have to implement cybersecurity programs.
Methodology
The survey was sent on paper via postal mail to the chief information o ficers of 3,423 U.S. local governments with
populations of 25,000 or greater. An online submission option was also made available to survey recipients.
Responses were received from 411 of the governments surveyed, yielding a response rate of 12%. Cities were
ove represented among respondents while counties were underrepresented. Similarly, higher percentage of responses
received from larger communities compared to sma ler communities. Further, jurisdictions in the Mountain region of the
U.S. were ove represented, while jurisdictions in the Mid-Atlantic and East South-Central regions were
unde represented. The following report reflects trends among the unweighted survey responses, and should only be
considered to be representative of the responding governments. Weighting should be applied to achieve representation
of the broader survey population.
Cybersecurity 2016 Survey
Summary Report of Survey Results
Cybersecurity 2016 Survey
Number Surveyed Number Responding Response Rate
Total 3423 411 12.0%
Population Size
Over 1,000,000 42 11 26.2%
500,000 - 1,000,000 98 20 20.4%
250,000 - 499,999 168 26 15.5%
100,000 - 249,999 532 63 11.8%
50,000 - 99,999 939 108 11.5%
25,000 - 49,999 1644 183 11.1%
Geographic Division
New England 183 23 12.6%
Mid-Atlantic 391 23 5.9%
East North-Central 782 94 12.0%
West North-Central 266 26 9.8%
South Atlantic 541 79 14.6%
East South-Central 253 20 7.9%
West South-Central 354 41 11.6%
Mountain 220 48 21.8%
Pacific Coast 433 57 13.2%
Type of Government
Municipalities 1893 267 14.1%
Counties 1530 144 9.4%
economic development, homeland
security, alternative service delivery,
as well as performance measurement
and management data on a
variety of local government services—all
of which support related
training, education, and technical
assistance.
About the University of Maryland
Baltimore County
UMBC is a dynamic public research
university integrating teaching, research,
and service to benefit the
citizens of Maryland. As an Honors
University, the campus offers academically
talented students a strong
undergraduate liberal arts foundation
that prepares them for graduate
and professional study, entry into
the workforce, and community service
and leadership. UMBC emphasizes
science, engineering, information
technology, human services
and public policy at the graduate
level. UMBC contributes to the economic
development of the State and
the region through entrepreneurial
initiatives, workforce training, K-16
partnerships, and technology commercialization
in collaboration with
public agencies and the corporate
community. UMBC is dedicated to
cultural and ethnic diversity, social
responsibility and lifelong learning.