CONTENTS

Key Takeaways 1

Introduction 3

State and Local Governments Face Increased Cybersecurity Risk 4

Rising Costs and Frequency of Attacks 4

Evolving Threat Actors 6

Expanded Digital Exposure 8

State and Local Government Cybersecurity is Fragmented, Underfunded, and Unprepared 9

Resource and Capacity Limitations 10

Organizational and Structural Weaknesses 11

Market, Technology, and Regulatory Failures 12

Recommendations 15

Resource and Capacity Limitations 15

1 Make the State and Local Cybersecurity Grant Program Permanent 15

2 Expand the CyberCorps: Scholarship for Service Program 16

3 Establish Regional Cybersecurity Training Hubs 16

Organizational and Structural Weaknesses 17

4 Improve Federal, State, and Local Coordination 17

5 Establish State Cybersecurity Coordination Centers 17

6 Operationalize the Emergency Management Assistance Compact for Cybersecurity Missions 17

7 Replace Ransom Payments With Dedicated Security Funding 18

Market, Technology, and Regulatory Failures 18

8 Set Minimum Cybersecurity Standards for Government Technology 19

9 Adopt Strong Cybersecurity Procurement and Reporting Standards 19

10 Invest in Public Sector Tailored Cybersecurity Tools 19

Conclusion 20

Endnotes 21