October is National Cybersecurity Awareness Month, and the U.S. Department of Homeland Security is encouraging citizens and local governments to increase their resiliency by having the resources to prepare and respond to online cyberattacks. We know that cyberattacks on local governments and their service delivery systems can be disastrous for communities and put residents at risk.
As a leader in helping local governments prepare for disasters and emergencies, ICMA conducted a survey in 2016, in partnership with the University of Maryland, Baltimore County, to better understand cybersecurity practices of jurisdictions. The results of this survey were also included in the ICMA report Cybersecurity: Protecting Local Government Digital Resources, which includes planning suggestions for local governments setting up measures of security.
Download Cybersecurity Survey Summary Report
Download Cybersecurity: Protecting Local Government Digital Resources
One of the most significant findings in the overall report is that local governments report a high frequency of cyberattacks, but their ability to prepare and respond to attacks is limited. Check out some of the highlights from these reports and the relevant resources that can connect local leaders to the tools they need.
Forty-four percent of responding local governments' information systems are subject to cyberattacks at least once a day.
Shockingly, 18 percent of those local governments face cyberattacks hourly or more. The chart below shows some striking statistics about the vulnerable nature of local governments to cyberattacks. This highlights the need for local governments to step up their security measures to meet their level of susceptibility.
Local Government Cybersecurity Practices (n=350)
Approximately 48 percent of responding local governments have developed formal cybersecurity policies, standards, strategy, or plans.
Only 33 percent, however, have a formal cybersecurity risk management plan or written plan for recovery from breaches. This graph illustrates the number of local governments that have adopted rules and policies related to cybersecurity:
Local governments cite greater funding for cybersecurity as the number one thing they need most to ensure the highest level of security.
With better policies and great awareness coming in second and third respectively, it is clear that the barrier to better cybersecurity in local governments revolves around revitalizing the policies and practices in jurisdictions.
ICMA offers a number of resources to assist local governments in managing the challenges of cybersecurity:
Cyber Disruption Response Planning Checklist: Researching the process of creating a cybersecurity plan for your local government? Look no further than this checklist on cyber disruption response planning that includes recommendations from start to finish.
Cybersecurity: The New Crimefighters: Reflecting on the massive cyberattack on Atlanta, Georgia, in early 2018, this piece offers resources on how to respond when an attack happens.
Expert Interview: Cybersecurity Awareness Training for Local Government Employees: ICMA sat down with Battle Creek, Michigan's City Manager Rebecca Fleury and IT Director Charles Norton to discuss cybersecurity awareness training strategies and best practices for local governments. Check out the interview here.
Interested in a snapshot of this research? Download a free copy of the report snapshot.
Download Cybersecurity Snapshot
This blog post is part of the monthly "Facts and Stats" blog series that highlights ICMA research on hot topics. To receive the monthly blog series, subscribe to the ICMA Blog!
New, Reduced Membership Dues
A new, reduced dues rate is available for CAOs/ACAOs, along with additional discounts for those in smaller communities, has been implemented. Learn more and be sure to join or renew today!