WASHINGTON, D.C.—The inability to pay competitive salaries, insufficient cybersecurity staff, and a general lack of funds present serious barriers to local governments achieving the highest levels of cybersecurity, according to a survey of local government chief information officers conducted by ICMA, the International City/County Management Association, in partnership with the University of Maryland Baltimore County.

The goal of the Cybersecurity 2016 Survey was to better understand current local government cybersecurity practices and their related issues, including what capacities cities and counties possess, what kind of barriers they face, and what type of support they have to implement cybersecurity programs.

Despite nearly a third (32 percent) of respondents reporting an increase in cyber attacks to their local government information during the past 12 months, 58 percent indicated that the inability to pay competitive salaries prohibited them from achieving high levels of cybersecurity. Fifty-three percent cited an insufficient number of cybersecurity staff as the primary obstacle, and 52 percent said it was a general lack of funds.

The public sector pays considerably less than the private sector for cybersecurity expertise, which places further pressure on U.S. local governments to find ways to fund compensation in this explosive industry. Currently, this booming field has zero unemployment and one million unfilled jobs, and experts estimate that the shortfall will reach 1.5 million by 2019.

When asked to rank the top three things most needed to ensure the highest level of cybersecurity for their local government, respondents cited greater funding as number one, better cybersecurity policies as number two, and greater cybersecurity awareness among local government employees as number three in importance.

“As local governments become increasingly reliant on technology and the Internet, they must also become increasingly diligent about the security they provide for the data and information they collect and manage,” said ICMA Executive Director Marc Ott. “Because the costs to restore compromised data are staggering, local governments must understand what resources they need to achieve their cybersecurity objectives and ensure the safety of their data. The results of the ICMA-UMBC Cybersecurity 2016 Survey can help local leaders identify and evaluate critical resource shortages.”

Other highlights of the ICMA/UMBC cybersecurity survey results include:

• Only 1 percent of responding local governments have a stand-alone cybersecurity department or unit. Primary responsibility for cybersecurity is most often located within the IT department.
   
• Roughly 62 percent of responding jurisdictions have developed a formal policy governing the use of personally-owned devices by governmental officials and employees.
   
• Nearly 70 percent of responding local governments have not developed a formal, written cybersecurity risk management plan, but nearly 41 percent conduct an annual risk assessment and an additional 16 percent take stock of their risk at least every two years.

The Cybersecurity 2016 Survey was mailed (with an online option) to the chief information officers of 3,423 U.S. municipalities and counties with populations of 25,000 or greater. Responses were received from 411 local governments for a response rate of 12 percent.

Review the complete results of the survey at: http://icma.org/cybersecurity2016surveyresults.

About ICMA
ICMA, the International City/County Management Association, advances professional local government worldwide through leadership, management, innovation, and ethics. ICMA is second only to the federal government in the collection, analysis, and dissemination of data focused on issues related to local government management. Through expansive partnerships with local governments, federal agencies, nonprofits, and philanthropic funders, the organization gathers information on topics such as sustainability, health care, aging communities, economic development, homeland security, alternative service delivery, as well as performance measurement and management data on a variety of local government services—all of which support related training, education, and technical assistance.

About the University of Maryland Baltimore County
UMBC is a dynamic public research university integrating teaching, research, and service to benefit the citizens of Maryland. As an Honors University, the campus offers academically talented students a strong undergraduate liberal arts foundation that prepares them for graduate and professional study, entry into the workforce, and community service and leadership. UMBC emphasizes science, engineering, information technology, human services and public policy at the graduate level. UMBC contributes to the economic development of the State and the region through entrepreneurial initiatives, workforce training, K-16 partnerships, and technology commercialization in collaboration with public agencies and the corporate community. UMBC is dedicated to cultural and ethnic diversity, social responsibility and lifelong learning.