Dive Brief:

• Governors are more aware of cybersecurity threats than they were two years ago, but lack the budgets and human resources needed to adequately protect themselves, according to a biennial Deloitte-National Association of State Chief Information Officers (NASCIO) cybersecurity study released Tuesday.
• The survey found 29% of respondents are now required to present a cybersecurity report to the governor’s office on a monthly basis. In 2014, that number was 17%. Another 39% of respondents said they present reports to the governor on an ad hoc basis.
• The most significant challenge to states is a lack of sufficient funding, according to the report. Most state cybersecurity budgets are between zero and 2% of a state’s IT budget.

Dive Insight:

"We’re seeing cybersecurity become a more significant part of government operations, but with a spend of only 1-2% of the total budget, government is going to be limited in what it can ultimately do," said Srini Subramanian, principal, Deloitte & Touche LLP.

That 1-2% figure has held steady year-over-year at the state government level, Subramanian added, while the federal government saw an increase of 35% this year alone.

President Barack Obama has prioritized cybersecurity as "one of the most important challenges" the U.S. faces, with cyber threats at every level of government. Earlier this year, the administration approved a 35% increase in cybersecurity investment from the 2016 budget, citing the need to modernize outdated technology, create a coordinated approach to federal cybersecurity and improve the IT workforce gaps.

To get around budget challenges, some states are renewing cybersecurity training and awareness efforts. Fully 39% of those surveyed said they were using tactics such as strong passwords or staff training to protect themselves from potential attacks.