Deloitte Insights and our research centers deliver proprietary research designed to help organizations turn their aspirations into action.

DELOITTE INSIGHTS

  • Home
  • Spotlight
    • Weekly Global Economic Outlook
    • Top 10 Reading Guide
    • Future of Sports
    • Technology Management
    • Growth & Competitive Advantage
  • Topics
    • Economics
    • Environmental, Social, & Governance
    • Operations
    • Strategy
    • Technology
    • Workforce
    • Industries
  • More
    • About
    • Deloitte Insights Magazine
    • Press Room Podcasts

DELOITTE RESEARCH CENTERS

  • Cross-Industry
    • Home
    • Workforce Trends
    • Enterprise Growth & Innovation
    • Technology & Transformation
    • Environmental & Social Issues
  • Economics
    • Home
    • Consumer Spending
    • Housing
    • Business Investment
    • Globalization & International Trade
    • Fiscal & Monetary Policy
    • Sustainability, Equity & Climate
    • Labor Markets
    • Prices & Inflation
  • Consumer
    • Home
    • Automotive
    • Consumer Products
    • Food
    • Retail, Wholesale & Distribution
    • Hospitality
    • Airlines & Transportation
  • Energy & Industrials
    • Home
    • Aerospace & Defense
    • Chemicals & Specialty Materials
    • Engineering & Construction
    • Mining & Metals
    • Oil & Gas
    • Power & Utilities
    • Renewable Energy
  • Financial Services
    • Home
    • Banking & Capital Markets
    • Commercial Real Estate
    • Insurance
    • Investment Management
    • Cross Financial Services
  • Government & Public Services
    • Home
    • Defense, Security & Justice
    • Government Health
    • State & Local Government
    • Whole of Government
    • Transportation & Infrastructure
    • Human Services
    • Higher Education
  • Life Sciences & Health Care
    • Home
    • Hospitals, Health Systems & Providers​
    • Pharmaceutical Manufacturers​
    • Health Plans & Payers​
    • Medtech & Health Tech Organizations
  • Tech, Media & Telecom
    • Home
    • Technology
    • Media & Entertainment
    • Telecommunications
    • Semiconductor
    • Sports
Deloitte.com
Deloitte Insights logo
  • SPOTLIGHT
    • Weekly Global Economic Outlook
    • Top 10 Reading Guide
    • Future of Sports
    • Technology Management
    • Growth & Competitive Advantage
  • TOPICS
    • Economics
    • Environmental, Social, & Governance
    • Operations
    • Strategy
    • Technology
    • Workforce
    • Industries
  • MORE
    • About
    • Deloitte Insights Magazine
    • Press Room Podcasts
    • Research Centers

  • Welcome!

    For personalized content and settings, go to your My Deloitte Dashboard

    Latest Insights

    Creating opportunity at the intersection of climate disruption and regulatory change

    Article
     • 
    7-min read

    Better questions about generative AI

    Article
     • 
    2-min read

    Recommendations

    Tech Trends 2025

    Article

    TMT Predictions 2025

    Article

    About Deloitte Insights

    About Deloitte Insights

    Deloitte Insights Magazine, issue 33

    Magazine

    Topics for you

    • Business Strategy & Growth
    • Leadership
    • Operations
    • Marketing & Sales
    • Diversity, Equity, & Inclusion
    • Emerging Technologies
    • Economy

    Watch & Listen

    Dbriefs

    Stay informed on the issues impacting your business with Deloitte's live webcast series. Gain valuable insights and practical knowledge from our specialists while earning CPE credits.

    Deloitte Insights Podcasts

    Join host Tanya Ott as she interviews influential voices discussing the business trends and challenges that matter most to your business today. 

    Subscribe

    Deloitte Insights Newsletters

    Looking to stay on top of the latest news and trends? With MyDeloitte you'll never miss out on the information you need to lead. Simply link your email or social profile and select the newsletters and alerts that matter most to you.

Welcome back

To join via SSO please click on the key button below
Still not a member? Join My Deloitte

States at risk: The cybersecurity imperative in uncertain times

by Meredith Ward, Srini Subramanian
  • Save for later
  • Download
  • Share
    • Share on Facebook
    • Share on Twitter
    • Share on Linkedin
    • Share by email
3 minute read 14 October 2020

States at risk: The cybersecurity imperative in uncertain times A joint biennial report (6th edition) from Deloitte and the National Association of State Chief Information Officers (NASCIO)

3 minute read 15 October 2020
  • Meredith Ward United States
  • Srini Subramanian United States
  • Save for later
  • Download
  • Share
    • Share on Facebook
    • Share on Twitter
    • Share on Linkedin
    • Share by email
  • COVID-19 has challenged continuity and amplified gaps
  • Connecting the cyber dots across state, local, and higher education
  • Strength, consistency, and enforcement in numbers
  • Progress on the 2018 Deloitte-NASCIO Cybersecurity Study bold plays

The pandemic has highlighted public-sector cyber leaders’ resilience—but has also called attention to long-standing challenges facing state IT and cybersecurity.

Learn More

Download the full report

Read the 2018 survey

Learn about Deloitte’s services

Go straight to smart. Get the Deloitte Insights app

During 2020, chief information security officers (CISOs) have risen to the challenges brought on by the pandemic, working closely with state IT departments to balance cybersecurity risks and business continuity. With most employees unexpectedly working from home for an indefinite period, CISOs secured networks for remote work by enabling or expanding multifactor authentication, enhancing system monitoring to receive early detection and alerts, and reviewing readiness plans to address the possibility of unexpected cybersecurity incidents. CISOs’ actions helped most states maintain essential business functions and service to citizens, even in a time of tightly constrained cyber budgets. 

This year’s study, based on responses from enterprise-level CISOs in 51 US states and territories, made clear state governments’ need for digital modernization and the essential role of cybersecurity. Survey results suggest that the CISO position has evolved into a mature and respected role, with the pandemic further highlighting its critical nature.

Understanding the nature of trust

And yet CISOs struggle with the challenges of securing adequate budgets and talent, as well as coordinating a consistent security implementation across agencies. Our survey identified several key takeaways critical to further enhancing the CISO's status: 

COVID-19 has challenged continuity and amplified gaps

One of the most notable challenges CISOs faced during the pandemic was the abrupt shift to remote work. According to the study:

  • Before the pandemic, 52% of respondents said less than 5% of staff worked remotely.
  • During the pandemic, 35 states have had more than half of employees working remotely; nine states have had more than 90% remote workers.

“The pandemic forced state governments to act quickly, not just in terms of public health and safety but also with regard to cybersecurity,” says Srini Subramanian, Deloitte & Touche LLP's state and local government advisory leader.

Connecting the cyber dots across state, local, and higher education

The pandemic has amplified state governments’ longstanding need for digital modernization, along with the essential role that cybersecurity needs to play in the discussion. Only 28% of states reported that they had collaborated extensively with local governments as part of a security program during the past year, with 65% reporting limited collaboration. By extending the CISO's influence through collaboration and partnerships, states can help provide cybersecurity services and guidance to often-overwhelmed local governments and public higher education entities.

Understanding the nature of trust

Strength, consistency, and enforcement in numbers

Understanding the nature of trust

The study shows that 40% of the states continue to operate in a federated model, in which CISOs are responsible for enterprise policy with a mix of centralized shared services and agency-led services specific to each, and 10% operate in a decentralized model of cyber governance in which individual state agencies are on their own for cyber services and execution with only policy guidance from the CIO. To further their progression, state CISOs should transition to a centralized form of governance for the cybersecurity function, with the enterprise CISO responsible for cybersecurity for all state agencies while maintaining proximity to business initiatives at the agency/program level.

Progress on the 2018 Deloitte-NASCIO Cybersecurity Study bold plays

The 2020 study also reviews progress made toward the three “bold plays” identified in the 2018 Deloitte–NASCIO Cybersecurity Study1, covering funding, innovation, and collaboration.

Understanding the nature of trust

The bold plays are strategic shifts that may take years for results to be visible, and our 2020 survey results show that while progress is being made, now is not a time to declare victory. In fact, it is critical to continue pressing forward on these bold plays.

Authors
Acknowledgments

We thank the NASCIO and Deloitte professionals who helped to develop the survey and execute, analyze, and create the report.

At NASCIO, we thank executive director Doug Robinson and the state CISO survey review team: Adam Ford, Illinois; Bill Nash, Wisconsin; Nancy Rainosek, Texas; Tim Roemer, Arizona; and Maria Thompson, North Carolina.

At Deloitte, we thank subject-matter specialists Bharane Balasubramanian, Mike Wyatt, Timothy Li, Clayton Frick, and Jesse Goldhammer of Deloitte & Touche LLP; John O’Leary of Deloitte Services LP; and Ron Baldwin and Art Stephens of Deloitte Consulting LLP.

Thank you to the Deloitte survey team, data analysis, and benchmarks: Bharath Chari, Deloitte & Touche LLP; Sushumna Agarwal, Deloitte Services LP; Glynis Rodrigues, Deloitte Services LP; Thirumalai Kannan, Deloitte Services LP.

Thanks also to the marketing and writing team, including Annette Evans, Deloitte Services LP; Anudeep Gurram, Deloitte Services LP; and Marie Willsey, writer.

Topics in this article

Risk management , State Government , Center for Government Insights

Cyber Risk Services

Deloitte Cyber helps organizations manage cyber risk and create value through enhanced security, visibility, and privacy. Our program design, implementation, operation, and response services, coupled with our deep industry and mission knowledge, help our clients protect and defend their most valuable assets, facilitate secure digital transformation efforts, and adapt rapidly to emerging threats.

Learn more
Get in touch
Contact
  • Srini Subramanian
  • State, Local & Higher Education Risk and Financial Advisory leader, Government and Public Services
  • Deloitte & Touche LLP
  • ssubramanian@deloitte.com
  • +1 717 651 6277

Download Subscribe

Related content

img Trending

Interactive 3 days ago

More on technology in government & public services

  • 5G in government Article4 years ago
  • Move faster, safer, and more privately with smart security Article4 years ago
  • COVID-19 and the virtualization of government Article5 years ago
  • The realist’s guide to quantum technology and national security Article5 years ago
  • AI readiness for government Article5 years ago
  • Cybersecurity in government Collection
Meredith Ward

Meredith Ward

Director of Policy and Research

Meredith Ward is director of policy and research for the National Association of State Chief Information Officers (NASCIO) and has served at the association since 2013. She has over 18 years of experience in state, local, federal, and international professional associations. Prior to her current position, Ward worked in government and media affairs in Washington, D.C., and acquired over a decade of experience building relationships with members of Congress, their staff, and members of the media. She has worked extensively on issues related to cybersecurity, IT acquisition, criminal justice, workforce, and state technology.

  • insights@deloitte.com
  • +1 859 514 9209
Srini Subramanian

Srini Subramanian

Principal | Deloitte Risk & Financial Advisory

Srini is a Deloitte & Touche LLP principal in the US Government and Public Services (GPS) practice and leads the Risk & Financial Advisory practice for the SLHE Sector. Srini serves as the GPS Industry Leader for the Global Risk Advisory practice. Srini has more than 33 years of technology experience and more than 23 years of cyber risk services experience in the areas of technology and cyber strategy, innovation, digital identity, and cyber detect & respond services. As a cyber principal practicing in GPS, Srini is committed to improving cyber risk management of our government and society. Srini is a co-author of the biennial Deloitte - NASCIO Cybersecurity Study publication with the National Association of State CIOs (NASCIO) since 2010. The recent 2020 Deloitte-NASCIO Cybersecurity Study and States At Risk publication can be found at: The cybersecurity imperative in uncertain times.

  • ssubramanian@deloitte.com
  • +1 717 651 6277

Share article highlights

See something interesting? Simply select text and choose how to share it:

Email a customized link that shows your highlighted text.
Copy a customized link that shows your highlighted text.
Copy your highlighted text.

States at risk: The cybersecurity imperative in uncertain times has been saved

States at risk: The cybersecurity imperative in uncertain times has been removed

An Article Titled States at risk: The cybersecurity imperative in uncertain times already exists in Saved items

Invalid special characters found 
Forgot password

To stay logged in, change your functional cookie settings.

OR

Social login not available on Microsoft Edge browser at this time.

Connect Accounts

Connect your social accounts

This is the first time you have logged in with a social network.

You have previously logged in with a different account. To link your accounts, please re-authenticate.

Log in with an existing social network:

To connect with your existing account, please enter your password:

OR

Log in with an existing site account:

To connect with your existing account, please enter your password:

Forgot password

Subscribe

to receive more business insights, analysis, and perspectives from Deloitte Insights
✓ Link copied to clipboard

Deloitte Insights and our research centers deliver proprietary research designed to help organizations turn their aspirations into action.

Deloitte Insights

  • Home
  • Topics
  • Industries
  • About Deloitte Insights

DELOITTE RESEARCH CENTERS

  • Cross-Industry
  • Economics
  • Consumer
  • Energy & Industrials
  • Financial Services
  • Government & Public Services
  • Life Sciences & Health Care
  • Tech, Media & Telecom
Deloitte logo

Learn about Deloitte’s offerings, people, and culture as a global provider of audit, assurance, consulting, financial advisory, risk advisory, tax, and related services.

© 2025. See Terms of Use for more information.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.
  • About Deloitte
  • Terms of Use
  • Privacy
  • Data Privacy Framework
  • Cookies
  • Cookie Settings
  • Legal Information for Job Seekers
  • Labor Condition Applications
  • Do Not Sell My Personal Information