Viewing offline content

Limited functionality available

Dismiss
Deloitte Middle East
Annotations
  • Services

    What's New

    • Deloitte175

      Join us for a celebration of 175 years of making an impact that matters.

    • Building the Resilient Organization

      2021 Deloitte Global resilience report

    • 2020 Global Gender Impact Report

      A collection of Butterfly Effect stories highlighting how our Deloitte professionals are positively impacting the lives of women and girls around the world

    • Audit & Assurance

      • Assurance
    • Consulting

      • Strategy, Analytics and M&A
      • Customer and Marketing
      • Business Operations
      • Human Capital
      • Enterprise Technology & Performance
    • Financial Advisory

      • Mergers & Acquisitions
      • Forensic
      • Real Estate
      • Turnaround & Restructuring
    • Risk Advisory

      • Strategic & Reputation Risk
      • Regulatory Risk
      • Financial Risk
      • Operational Risk
      • Cyber Risk
    • Tax

      • Global Business Tax Services
      • Indirect Tax
      • Global Employer Services
    • Deloitte Private

      • Family Enterprise
    • Legal

    • Sustainability

  • Industries

    What's New

    • Deloitte perspectives

      Leadership perspectives from across the globe.

    • Deloitte Insights App

      Our thought leadership and Dow Jones news, now at your fingertips

    • Future of Mobility

      Learn how this new reality is coming together and what it will mean for you and your industry.

    • Consumer

      • Automotive
      • Consumer Products
      • Retail, Wholesale & Distribution
      • Transportation, Hospitality & Services
    • Energy, Resources & Industrials

      • Industrial Products & Construction
      • Mining & Metals
      • Oil, Gas & Chemicals
      • Power, Utilities & Renewables
    • Financial Services

      • Banking & Capital Markets
      • Insurance
      • Investment Management
      • Real Estate
    • Government & Public Services

      • Civil Government
      • Defense, Security & Justice
      • Health & Social Care
      • Transport
    • Life Sciences & Health Care

      • Health Care
      • Life Sciences
    • MENA Sovereign Wealth Funds

    • Technology, Media & Telecommunications

      • Technology
      • Telecommunications, Media & Entertainment
  • Insights

    Deloitte Insights

    What's New

    • Deloitte Insights Magazine

      Explore the latest issue now

    • Deloitte Insights app

      Go straight to smart with daily updates on your mobile device

    • Weekly economic update

      See what's happening this week and the impact on your business

    • Strategy

      • Business Strategy & Growth
      • Digital Transformation
      • Governance & Board
      • Innovation
      • Marketing & Sales
      • Private Enterprise
    • Economy & Society

      • Economy
      • Environmental, Social, & Governance
      • Health Equity
      • Trust
      • Mobility
    • Organization

      • Operations
      • Finance & Tax
      • Risk & Regulation
      • Supply Chain
      • Smart Manufacturing
    • People

      • Leadership
      • Talent & Work
      • Diversity, Equity, & Inclusion
    • Technology

      • Data & Analytics
      • Emerging Technologies
      • Technology Management
    • Industries

      • Consumer
      • Energy, Resources, & Industrials
      • Financial Services
      • Government & Public Services
      • Life Sciences & Health Care
      • Technology, Media, & Telecommunications
    • Spotlight

      • Deloitte Insights Magazine
      • Press Room Podcasts
      • Weekly Economic Update
      • COVID-19
      • Resilience
  • Careers

    What's New

    • Millennial Survey 2022

      Gen Zs and millennials are striving for balance and advocating for change.

    • Candidate Profile

      After applying for a job in this country, you can access/update your candidate profile at any time.

    • Job Search

    • Students

    • Experienced Hires

    • Executives

    • Life at Deloitte

    • Alumni

    • Diversity and Inclusion

  • XE-EN Location: XE-English  
  • Contact us
  • XE-EN Location: XE-English  
  • Contact us
    • Dashboard
    • Saved items
    • Content feed
    • Profile/Interests
    • Account settings

Welcome back

Still not a member? Join My Deloitte

The 2018 Deloitte-NASCIO Cybersecurity Study

by Srini Subramanian
  • Save for later
  • Download
  • Share
    • Share on Facebook
    • Share on Twitter
    • Share on Linkedin
    • Share by email
Deloitte Insights
  • Strategy
    Strategy
    Strategy
    • Business Strategy & Growth
    • Digital Transformation
    • Governance & Board
    • Innovation
    • Marketing & Sales
    • Private Enterprise
  • Economy & Society
    Economy & Society
    Economy & Society
    • Economy
    • Environmental, Social, & Governance
    • Health Equity
    • Trust
    • Mobility
  • Organization
    Organization
    Organization
    • Operations
    • Finance & Tax
    • Risk & Regulation
    • Supply Chain
    • Smart Manufacturing
  • People
    People
    People
    • Leadership
    • Talent & Work
    • Diversity, Equity, & Inclusion
  • Technology
    Technology
    Technology
    • Data & Analytics
    • Emerging Technologies
    • Technology Management
  • Industries
    Industries
    Industries
    • Consumer
    • Energy, Resources, & Industrials
    • Financial Services
    • Government & Public Services
    • Life Sciences & Health Care
    • Tech, Media, & Telecom
  • Spotlight
    Spotlight
    Spotlight
    • Deloitte Insights Magazine
    • Press Room Podcasts
    • Weekly Economic Update
    • COVID-19
    • Resilience
    • XE-EN Location: XE-English  
    • Contact us
      • Dashboard
      • Saved items
      • Content feed
      • Profile/Interests
      • Account settings
    22 October 2018

    The 2018 Deloitte-NASCIO Cybersecurity Study States at risk: Bold plays for change

    23 October 2018
    • Srini Subramanian United States
    • Srini Subramanian United States
    • Save for later
    • Download
    • Share
      • Share on Facebook
      • Share on Twitter
      • Share on Linkedin
      • Share by email

    State CISOs have gained considerable influence since the role first appeared—but crucial funding and talent challenges remain. Three bold actions can help today’s state CISOs find the resources to safeguard their state’s IT infrastructures.

    US state chief information security officers (CISOs) have an opportunity to pursue three “bold plays” that can help them address persistent budgetary and talent challenges to improving their state’s cybersecurity posture, according to a new survey by Deloitte & Touche LLP and the National Association of State Chief Information Officers (NASCIO).

    Learn More

    Create a custom PDF or download the full report

    Read the 2016 survey

    Explore the Government and public services collection

    Subscribe to receive related content

    State CISOs have increased in visibility and influence since the role first appeared almost a decade ago, says the 2018 Deloitte-NASCIO Cybersecurity Study—States at risk: Bold plays for change. Yet many still struggle to secure funding for cybersecurity initiatives and find qualified talent. To help address these challenges, state CISOs can leverage their increased visibility and influence to:

    • Advocate for dedicated cyber program funding. CISOs can raise cybersecurity’s profile with the state legislature and executive branch by making it a line item in the IT budget. They can also seek funding from large federal agencies to implement their security requirements and controls.
    • Be an enabler of innovation, not a barrier. CISOs should actively participate in shaping their state’s innovation agenda, collaborate with state digital and innovation officers, and lead the charge to help program leaders embrace and securely adopt new technologies.
    • Team with the private sector and higher education. CISOs can leverage public-private partnerships and collaborations with local colleges and universities to provide a pipeline of new talent through internships, co-ops, and apprenticeship programs. They could also consider outsourcing some cybersecurity functions to external providers.

    Three bold plays for CISOs to consider

    Despite funding and talent challenges, the state CISO role is rapidly maturing, and the CISOs themselves are taking on a greater scope of authority. All 50 states have established the CISO’s authority via the legislature, secretary, or CIO. In addition, most states now have documented and approved cybersecurity governance plans—40 states in 2018, compared to just 29 states in 2016. The vast majority of CISOs (90 percent, up from 76 percent in 2016) have extended their scope of authority beyond their own agency to align with all executive agencies in their state government.

    Further evidencing their growing mastery of the role, many CISOs have expanded cybersecurity awareness training and security threat assessments. Most states—94 percent in 2018, up from 84 percent in 2016—deliver cybersecurity training to state employees and contractors at least annually. In addition, CISOs are conducting more regular assessments of top security threats. In particular, this year’s survey showed a dramatic rise since 2016 in monthly assessments for Web applications, the top threat experienced by CISOs this year.

    States also show they are beginning to take steps to address privacy, an emerging issue related to cybersecurity. Notable in this year’s survey, more states than in previous surveys report having a chief privacy officer (CPO): In 2018, more than a quarter of states had one, compared to less than a fifth in 2016.

    Perhaps most encouragingly, cybersecurity is being elevated to state leadership as a key issue on a regular basis. This year’s survey found that CISOs have increased their regular reporting to state leadership. A fifth of state respondents said that they report monthly to the governor, and a third report monthly to the state secretary or deputy secretary. Monthly reporting to business stakeholders has also increased—to 25 percent, up from 10 percent in 2016. And more states are engaging with both business line and technology decision-makers in making strategy decisions—88 percent in 2018, up from 75.5 percent in 2016.

    Read more in 
    2018 Deloitte-NASCIO Cybersecurity Study—States at risk: Bold plays for change

    Authors

    Srini Subramanian is a principal in Deloitte & Touche LLP’s Cyber Risk Services practice and leads the State, Local, and Higher Ed sector for risk and financial advisory services in the Government & Public Services industry. He is based in Harrisburg, PA.
    Doug Robinson is executive director of the National Association of State Chief Information Officers (NASCIO). He is based in Lexington, KY.

    Acknowledgments

    We thank the NASCIO and Deloitte professionals who helped to develop the survey and execute, analyze, and create the report.

    NASCIO
    • Doug Robinson, Executive Director
    • Meredith Ward, Senior Policy Analyst

    STATE CISO SURVEY REVIEW TEAM
    • Elayne Starkey, State of Delaware (retired)
    • Rajiv Das, State of Michigan
    • Stan Gatewood, State of Georgia
    • Mark Gower, State of Oklahoma
    • Michael Roling, State of Missouri
    • Nancy Rainosek, State of Texas

    DELOITTE SUBJECT MATTER SPECIALIST CONTRIBUTORS
    • Bharane Balasubramanian, Deloitte & Touche LLP
    • Bharath Chari, Deloitte & Touche LLP
    • Clayton Frick, Deloitte & Touche LLP
    • Deborah Golden, Deloitte & Touche LLP
    • John O’Leary, Deloitte Services LP
    • Art Stephens, Deloitte Consulting LLP
    • Srini Subramanian, Deloitte & Touche LLP
    • Mike Wyatt, Deloitte & Touche LLP

    DELOITTE SURVEY TEAM, DATA ANALYSIS, AND BENCHMARKS
    • Sushumna Agarwal, Deloitte Services LP
    • Divya Nayak, Deloitte & Touche LLP
    • Akash Keyal, Deloitte Services LP
    • Alex Vilkin, Deloitte & Touche LLP
    • Susan Watts, Deloitte & Touche LLP

    MARKETING
    • Annette Evans, Deloitte Services LP
    • Anudeep Gurram, Deloitte Services LP
    • Catherine Yang, Writer

    Cover image by: Taylor Callery

    Endnotes
    Show moreShow less

    Topics in this article

    Cyber risk , State Government , Public Sector , Government , Risk management , Podcasts , Technology Management

    Cyber Risk Services

    Deloitte’s cyber risk services help complex organizations more confidently leverage advanced technologies to achieve their strategic growth, innovation, and performance objectives through proactive management of the associated cyber risks. Deloitte provides advisory, implementation, and managed cybersecurity services to help our government clients transform legacy security programs to Secure.Vigilant.Resilient.™ cyber risk programs. Deloitte’s demonstrated approach and methodology helps its clients better align security investments with risk priorities, establish improved threat awareness and visibility, and strengthen the ability of organizations to thrive in the face of cyber incidents.

    Learn more
    Get in touch
    Contact
    • Srini Subramanian
    • Principal, Government & Public Services State, Local & Higher Education leader
    • Deloitte & Touche LLP
    • ssubramanian@deloitte.com
    • +1 717 651 6277

    Download Subscribe

    Related

    img Trending

    Interactive 3 days ago

    Srini Subramanian

    Srini Subramanian

    Principal | Deloitte Risk & Financial Advisory

    Srini is a Deloitte & Touche LLP principal in the US Government and Public Services (GPS) practice and leads the Risk & Financial Advisory practice for the SLHE Sector. Srini serves as the GPS Industry Leader for the Global Risk Advisory practice. Srini has more than 33 years of technology experience and more than 23 years of cyber risk services experience in the areas of technology and cyber strategy, innovation, digital identity, and cyber detect & respond services. As a cyber principal practicing in GPS, Srini is committed to improving cyber risk management of our government and society. Srini is a co-author of the biennial Deloitte - NASCIO Cybersecurity Study publication with the National Association of State CIOs (NASCIO) since 2010. The recent 2020 Deloitte-NASCIO Cybersecurity Study and States At Risk publication can be found at: The cybersecurity imperative in uncertain times.

    • ssubramanian@deloitte.com
    • +1 717 651 6277

    Share article highlights

    See something interesting? Simply select text and choose how to share it:

    Email a customized link that shows your highlighted text.
    Copy a customized link that shows your highlighted text.
    Copy your highlighted text.

    The 2018 Deloitte-NASCIO Cybersecurity Study has been saved

    The 2018 Deloitte-NASCIO Cybersecurity Study has been removed

    An Article Titled The 2018 Deloitte-NASCIO Cybersecurity Study already exists in Saved items

     
    Forgot password

    To stay logged in, change your functional cookie settings.

    OR

    Social login not available on Microsoft Edge browser at this time.

    Connect Accounts

    Connect your social accounts

    This is the first time you have logged in with a social network.

    You have previously logged in with a different account. To link your accounts, please re-authenticate.

    Log in with an existing social network:

    To connect with your existing account, please enter your password:

    OR

    Log in with an existing site account:

    To connect with your existing account, please enter your password:

    Forgot password

    Subscribe

    to receive more business insights, analysis, and perspectives from Deloitte Insights
    ✓ Link copied to clipboard
    • Contact us
    • Search Jobs
    • Submit RFP
    Follow Deloitte Insights:
    Global office directory Office locations
    XE-EN Location: XE-English  
    About Deloitte
    • Newsroom
    • Deloitte events
    • Our blog collections
    • Press releases
    • Press contacts
    • Corporate Responsibility & Sustainability
    • Report an ethics complaint
    Services
    • Audit & Assurance
    • Consulting
    • Financial Advisory
    • Risk Advisory
    • Tax
    • Deloitte Private
    • Legal
    • Sustainability
    Industries
    • Consumer
    • Energy, Resources & Industrials
    • Financial Services
    • Government & Public Services
    • Life Sciences & Health Care
    • MENA Sovereign Wealth Funds
    • Technology, Media & Telecommunications
    Careers
    • Job Search
    • Students
    • Experienced Hires
    • Executives
    • Life at Deloitte
    • Alumni
    • Diversity and Inclusion
    • About Deloitte
    • About Deloitte in the Middle East
    • Privacy
    • Terms of use
    • Cookies
    • Avature Privacy

    © 2022. See Terms of Use for more information.

    Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see About Deloitte to learn more about our global network of member firms.