Viewing offline content

Limited functionality available

Dismiss
United States
  • Services

    What's New

    • Register for Dbriefs webcasts

    • Unlimited Reality™

      Metaverse solutions that drive value

    • Sustainability, Climate & Equity

      Cultivating a sustainable and prosperous future

    • Tax

      • Tax Operate
      • Tax Legislation
      • Tax Technology Consulting
      • Mobility and Payroll
      • Legal Business Services
      • Tax Services
    • Consulting

      • Core Business Operations
      • Customer & Marketing
      • Enterprise Technology & Performance
      • Human Capital
      • Strategy & Analytics
    • Audit & Assurance

      • Audit Innovation
      • Accounting Standards
      • Accounting Events & Transactions
    • Deloitte Private

    • M&A and Restructuring

    • Risk & Financial Advisory

      • Accounting & Internal Controls
      • Cyber & Strategic Risk
      • Regulatory & Legal
      • Transactions and M&A
    • AI & Analytics

    • Cloud

    • Diversity, Equity & Inclusion

  • Industries

    What's New

    • The Ripple Effect

      Real-world client stories of purpose and impact

    • Register for Dbriefs webcasts

    • Industry Outlooks

      Key opportunities, trends, and challenges

    • Consumer

      • Automotive
      • Consumer Products
      • Retail, Wholesale & Distribution
      • Transportation, Hospitality & Services
    • Energy, Resources & Industrials

      • Industrial Products & Construction
      • Power, Utilities & Renewables
      • Energy & Chemicals
      • Mining & Metals
    • Financial Services

      • Banking & Capital Markets
      • Insurance
      • Investment Management
      • Real Estate
    • Government & Public Services

      • Defense, Security & Justice
      • Federal health
      • Civil
      • State & Local
      • Higher Education
    • Life Sciences & Health Care

      • Health Care
      • Life Sciences
    • Technology, Media & Telecommunications

      • Technology
      • Telecommunications, Media & Entertainment
  • Insights

    Deloitte Insights

    What's New

    • Deloitte Insights Magazine

      Explore the latest issue now

    • Deloitte Insights app

      Go straight to smart with daily updates on your mobile device

    • Weekly economic update

      See what's happening this week and the impact on your business

    • Strategy

      • Business Strategy & Growth
      • Digital Transformation
      • Governance & Board
      • Innovation
      • Marketing & Sales
      • Private Enterprise
    • Economy & Society

      • Economy
      • Environmental, Social, & Governance
      • Health Equity
      • Trust
      • Mobility
    • Organization

      • Operations
      • Finance & Tax
      • Risk & Regulation
      • Supply Chain
      • Smart Manufacturing
    • People

      • Leadership
      • Talent & Work
      • Diversity, Equity, & Inclusion
    • Technology

      • Data & Analytics
      • Emerging Technologies
      • Technology Management
    • Industries

      • Consumer
      • Energy, Resources, & Industrials
      • Financial Services
      • Government & Public Services
      • Life Sciences & Health Care
      • Technology, Media, & Telecommunications
    • Spotlight

      • Deloitte Insights Magazine
      • Press Room Podcasts
      • Weekly Economic Update
      • COVID-19
      • Resilience
      • Top 10 reading guide
  • Careers

    What's New

    • Our Purpose

      Exceptional organizations are led by a purpose. At Deloitte, our purpose is to make an impact that matters by creating trust and confidence in a more equitable society.

    • Day in the Life: Our hybrid workplace model

      See how we connect, collaborate, and drive impact across various locations.

    • The Deloitte University Experience

      Explore Deloitte University like never before through a cinematic movie trailer and films of popular locations throughout Deloitte University.

    • Careers

      • Audit & Assurance
      • Consulting
      • Risk & Financial Advisory
      • Tax
      • Internal Services
      • US Delivery Center
    • Students

      • Undergraduate
      • Advanced Degree
      • Internships
    • Experienced Professionals

      • Additional Opportunities
      • Veterans
      • Industries
      • Executives
    • Job Search

      • Entry Level Jobs
      • Experienced Professional Jobs
      • Recruiting Tips
      • Explore Your Fit
      • Labor Condition Applications
    • Life at Deloitte

      • Life at Deloitte Blog
      • Meet Our People
      • Diversity, Equity, & Inclusion
      • Corporate Citizenship
      • Leadership Development
      • Empowered Well-Being
      • Deloitte University
    • Alumni Relations

      • Update Your Information
      • Events
      • Career Development Support
      • Marketplace Jobs Dashboard
      • Alumni Resources
  • US-EN Location: United States-English  
  • Contact us
  • US-EN Location: United States-English  
  • Contact us
    • Dashboard
    • Saved items
    • Content feed
    • Subscriptions
    • Profile/Interests
    • Account settings

Welcome back

Still not a member? Join My Deloitte

States at risk: The cybersecurity imperative in uncertain times

by Meredith Ward, Srini Subramanian
  • Save for later
  • Download
  • Share
    • Share on Facebook
    • Share on Twitter
    • Share on Linkedin
    • Share by email
Deloitte Insights
  • Strategy
    Strategy
    Strategy
    • Business Strategy & Growth
    • Digital Transformation
    • Governance & Board
    • Innovation
    • Marketing & Sales
    • Private Enterprise
  • Economy & Society
    Economy & Society
    Economy & Society
    • Economy
    • Environmental, Social, & Governance
    • Health Equity
    • Trust
    • Mobility
  • Organization
    Organization
    Organization
    • Operations
    • Finance & Tax
    • Risk & Regulation
    • Supply Chain
    • Smart Manufacturing
  • People
    People
    People
    • Leadership
    • Talent & Work
    • Diversity, Equity, & Inclusion
  • Technology
    Technology
    Technology
    • Data & Analytics
    • Emerging Technologies
    • Technology Management
  • Industries
    Industries
    Industries
    • Consumer
    • Energy, Resources, & Industrials
    • Financial Services
    • Government & Public Services
    • Life Sciences & Health Care
    • Tech, Media, & Telecom
  • Spotlight
    Spotlight
    Spotlight
    • Deloitte Insights Magazine
    • Press Room Podcasts
    • Weekly Economic Update
    • COVID-19
    • Resilience
    • Top 10 reading guide
    • US-EN Location: United States-English  
    • Contact us
      • Dashboard
      • Saved items
      • Content feed
      • Subscriptions
      • Profile/Interests
      • Account settings
    3 minute read 14 October 2020

    States at risk: The cybersecurity imperative in uncertain times A joint biennial report (6th edition) from Deloitte and the National Association of State Chief Information Officers (NASCIO)

    3 minute read 15 October 2020
    • Meredith Ward United States
    • Srini Subramanian United States
    • Save for later
    • Download
    • Share
      • Share on Facebook
      • Share on Twitter
      • Share on Linkedin
      • Share by email
    • COVID-19 has challenged continuity and amplified gaps
    • Connecting the cyber dots across state, local, and higher education
    • Strength, consistency, and enforcement in numbers
    • Progress on the 2018 Deloitte-NASCIO Cybersecurity Study bold plays

    The pandemic has highlighted public-sector cyber leaders’ resilience—but has also called attention to long-standing challenges facing state IT and cybersecurity.

    Learn More

    Download the full report

    Read the 2018 survey

    Learn about Deloitte’s services

    Go straight to smart. Get the Deloitte Insights app

    During 2020, chief information security officers (CISOs) have risen to the challenges brought on by the pandemic, working closely with state IT departments to balance cybersecurity risks and business continuity. With most employees unexpectedly working from home for an indefinite period, CISOs secured networks for remote work by enabling or expanding multifactor authentication, enhancing system monitoring to receive early detection and alerts, and reviewing readiness plans to address the possibility of unexpected cybersecurity incidents. CISOs’ actions helped most states maintain essential business functions and service to citizens, even in a time of tightly constrained cyber budgets. 

    This year’s study, based on responses from enterprise-level CISOs in 51 US states and territories, made clear state governments’ need for digital modernization and the essential role of cybersecurity. Survey results suggest that the CISO position has evolved into a mature and respected role, with the pandemic further highlighting its critical nature.

    Understanding the nature of trust

    And yet CISOs struggle with the challenges of securing adequate budgets and talent, as well as coordinating a consistent security implementation across agencies. Our survey identified several key takeaways critical to further enhancing the CISO's status: 

    COVID-19 has challenged continuity and amplified gaps

    One of the most notable challenges CISOs faced during the pandemic was the abrupt shift to remote work. According to the study:

    • Before the pandemic, 52% of respondents said less than 5% of staff worked remotely.
    • During the pandemic, 35 states have had more than half of employees working remotely; nine states have had more than 90% remote workers.

    “The pandemic forced state governments to act quickly, not just in terms of public health and safety but also with regard to cybersecurity,” says Srini Subramanian, Deloitte & Touche LLP's state and local government advisory leader.

    Connecting the cyber dots across state, local, and higher education

    The pandemic has amplified state governments’ longstanding need for digital modernization, along with the essential role that cybersecurity needs to play in the discussion. Only 28% of states reported that they had collaborated extensively with local governments as part of a security program during the past year, with 65% reporting limited collaboration. By extending the CISO's influence through collaboration and partnerships, states can help provide cybersecurity services and guidance to often-overwhelmed local governments and public higher education entities.

    Understanding the nature of trust

    Strength, consistency, and enforcement in numbers

    Understanding the nature of trust

    The study shows that 40% of the states continue to operate in a federated model, in which CISOs are responsible for enterprise policy with a mix of centralized shared services and agency-led services specific to each, and 10% operate in a decentralized model of cyber governance in which individual state agencies are on their own for cyber services and execution with only policy guidance from the CIO. To further their progression, state CISOs should transition to a centralized form of governance for the cybersecurity function, with the enterprise CISO responsible for cybersecurity for all state agencies while maintaining proximity to business initiatives at the agency/program level.

    Progress on the 2018 Deloitte-NASCIO Cybersecurity Study bold plays

    The 2020 study also reviews progress made toward the three “bold plays” identified in the 2018 Deloitte–NASCIO Cybersecurity Study1, covering funding, innovation, and collaboration.

    Understanding the nature of trust

    The bold plays are strategic shifts that may take years for results to be visible, and our 2020 survey results show that while progress is being made, now is not a time to declare victory. In fact, it is critical to continue pressing forward on these bold plays.

    Authors
    Acknowledgments

    We thank the NASCIO and Deloitte professionals who helped to develop the survey and execute, analyze, and create the report.

    At NASCIO, we thank executive director Doug Robinson and the state CISO survey review team: Adam Ford, Illinois; Bill Nash, Wisconsin; Nancy Rainosek, Texas; Tim Roemer, Arizona; and Maria Thompson, North Carolina.

    At Deloitte, we thank subject-matter specialists Bharane Balasubramanian, Mike Wyatt, Timothy Li, Clayton Frick, and Jesse Goldhammer of Deloitte & Touche LLP; John O’Leary of Deloitte Services LP; and Ron Baldwin and Art Stephens of Deloitte Consulting LLP.

    Thank you to the Deloitte survey team, data analysis, and benchmarks: Bharath Chari, Deloitte & Touche LLP; Sushumna Agarwal, Deloitte Services LP; Glynis Rodrigues, Deloitte Services LP; Thirumalai Kannan, Deloitte Services LP.

    Thanks also to the marketing and writing team, including Annette Evans, Deloitte Services LP; Anudeep Gurram, Deloitte Services LP; and Marie Willsey, writer.

    Topics in this article

    Cyber risk , State Government , Public Sector , Government , Risk management , Technology Management

    Cyber Risk Services

    Deloitte Cyber helps organizations manage cyber risk and create value through enhanced security, visibility, and privacy. Our program design, implementation, operation, and response services, coupled with our deep industry and mission knowledge, help our clients protect and defend their most valuable assets, facilitate secure digital transformation efforts, and adapt rapidly to emerging threats.

    Learn more
    Get in touch
    Contact
    • Srini Subramanian
    • State, Local & Higher Education Risk and Financial Advisory leader, Government and Public Services
    • Deloitte & Touche LLP
    • ssubramanian@deloitte.com
    • +1 717 651 6277

    Download Subscribe

    Related content

    img Trending

    Interactive 3 days ago

    More on technology in government & public services

    • 5G in government Article2 years ago
    • Move faster, safer, and more privately with smart security Article2 years ago
    • COVID-19 and the virtualization of government Article2 years ago
    • The realist’s guide to quantum technology and national security Article2 years ago
    • AI readiness for government Article3 years ago
    • Cybersecurity in government Collection
    Meredith Ward

    Meredith Ward

    Director of Policy and Research

    Meredith Ward is director of policy and research for the National Association of State Chief Information Officers (NASCIO) and has served at the association since 2013. She has over 18 years of experience in state, local, federal, and international professional associations. Prior to her current position, Ward worked in government and media affairs in Washington, D.C., and acquired over a decade of experience building relationships with members of Congress, their staff, and members of the media. She has worked extensively on issues related to cybersecurity, IT acquisition, criminal justice, workforce, and state technology.

    • insights@deloitte.com
    • +1 859 514 9209
    Srini Subramanian

    Srini Subramanian

    Principal | Deloitte Risk & Financial Advisory

    Srini is a Deloitte & Touche LLP principal in the US Government and Public Services (GPS) practice and leads the Risk & Financial Advisory practice for the SLHE Sector. Srini serves as the GPS Industry Leader for the Global Risk Advisory practice. Srini has more than 33 years of technology experience and more than 23 years of cyber risk services experience in the areas of technology and cyber strategy, innovation, digital identity, and cyber detect & respond services. As a cyber principal practicing in GPS, Srini is committed to improving cyber risk management of our government and society. Srini is a co-author of the biennial Deloitte - NASCIO Cybersecurity Study publication with the National Association of State CIOs (NASCIO) since 2010. The recent 2020 Deloitte-NASCIO Cybersecurity Study and States At Risk publication can be found at: The cybersecurity imperative in uncertain times.

    • ssubramanian@deloitte.com
    • +1 717 651 6277

    Share article highlights

    See something interesting? Simply select text and choose how to share it:

    Email a customized link that shows your highlighted text.
    Copy a customized link that shows your highlighted text.
    Copy your highlighted text.

    States at risk: The cybersecurity imperative in uncertain times has been saved

    States at risk: The cybersecurity imperative in uncertain times has been removed

    An Article Titled States at risk: The cybersecurity imperative in uncertain times already exists in Saved items

    Invalid special characters found 
    Forgot password

    To stay logged in, change your functional cookie settings.

    OR

    Social login not available on Microsoft Edge browser at this time.

    Connect Accounts

    Connect your social accounts

    This is the first time you have logged in with a social network.

    You have previously logged in with a different account. To link your accounts, please re-authenticate.

    Log in with an existing social network:

    To connect with your existing account, please enter your password:

    OR

    Log in with an existing site account:

    To connect with your existing account, please enter your password:

    Forgot password

    Subscribe

    to receive more business insights, analysis, and perspectives from Deloitte Insights
    ✓ Link copied to clipboard
    • Contact us
    • Search jobs
    • Submit RFP
    • Subscribe to Deloitte Insights
    Follow Deloitte Insights:
    Global office directory US office locations
    US-EN Location: United States-English  
    About Deloitte
    • About Deloitte
    • Client stories
    • My Deloitte
    • Deloitte Insights
    • Email subscriptions
    • Press releases
    • Submit RFP
    • US office locations
    • Alumni
    • Global office directory
    • Newsroom
    • Dbriefs webcasts
    • Contact us
    Services
    • Tax
    • Consulting
    • Audit & Assurance
    • Deloitte Private
    • M&A and Restructuring
    • Risk & Financial Advisory
    • AI & Analytics
    • Cloud
    • Diversity, Equity & Inclusion
    Industries
    • Consumer
    • Energy, Resources & Industrials
    • Financial Services
    • Government & Public Services
    • Life Sciences & Health Care
    • Technology, Media & Telecommunications
    Careers
    • Careers
    • Students
    • Experienced Professionals
    • Job Search
    • Life at Deloitte
    • Alumni Relations
    • About Deloitte
    • Terms of Use
    • Privacy
    • Privacy Shield
    • Cookies
    • Cookie Settings
    • Legal Information for Job Seekers
    • Labor Condition Applications
    • Do Not Sell My Personal Information

    © 2023. See Terms of Use for more information.

    Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

    Learn more about Deloitte's work for the US Olympic Committee