#USA #New York #Cybersecurity #Public Sector #CISO Survey

Declining Confidence in Public Sector Cybersecurity

A recent survey conducted by NASCIO and Deloitte has shed light on the shifting landscape of public sector cybersecurity, revealing a concerning drop in confidence among Chief Information Security Officers (CISOs). This comprehensive study, which encompasses insights from CISOs across all 50 states and two territories, highlights not only the challenges faced but also delineates the proactive measures taken to fortify digital defenses.

In 2026, only 26% of participating state CISOs reported being "extremely" or "very" confident in their state's ability to safeguard information assets, a steep decline from 48% in 2022. This downturn in confidence can be attributed to the escalating complexity of cyber threats, including those driven by advancements in artificial intelligence. As cyber attackers adopt sophisticated tactics, the pressure on state CISOs to adapt and respond effectively intensifies.

Priorities Shifted Toward Metrics and AI Integration

One of the most striking findings of the survey is the shifting priorities among CISOs. A significant 49% of CISOs identified the implementation of effectiveness metrics as a top priority for cybersecurity in 2026, a marked increase from previous years. Such metrics are crucial in demonstrating the return on investment in cybersecurity, especially in the face of budgetary constraints.

The survey noted that 16% of CISOs experienced budget cuts, up from none in 2024, further complicating efforts to enhance cybersecurity. In light of these challenges, many CISOs have recognized the importance of generating effective metrics to showcase the benefits of their initiatives.

Additionally, nearly all participating CISOs (94%) reported involvement in developing security policies for Generative AI, with 84% directly involved in crafting strategies applicable to this innovative technology. This acknowledgment of Generative AI's potential—both as a threat and a defensive tool—illustrates the dynamic nature of the cybersecurity landscape.

The Dual Role of AI in Cybersecurity

While AI poses serious risks, such as deepfakes and ransomware-as-a-service operations, it simultaneously offers promising capabilities for enhancing cybersecurity responses. Many CISOs are leveraging AI technologies to streamline security operations, manage alerts efficiently, and improve threat identification processes. Generative AI's application in core security functions marks a significant evolution in how state governments approach cybersecurity, positioning CISOs as central figures in shaping these strategies.

Mike Wyatt, a cyber risk leader at Deloitte, emphasized the importance of collaboration within the broader ecosystem, noting a trend towards a "whole-of-state" approach to cybersecurity. This strategy aims to extend protections beyond state agencies to local governments and educational institutions, mitigating vulnerabilities across interconnected networks.

The Imperative for Stronger Collaboration and Communication

The urgency for improved coordination and policy clarity among state entities cannot be overstated. With a notable increase in CISOs expressing skepticism about local government and public higher education's ability to secure data—rising from 35% in 2022 to 63% in 2026—the need for comprehensive protective measures becomes paramount. A single breach in one area can trigger a cascade effect, jeopardizing personal information and disrupting essential services across the board.

In conclusion, as public sector CISOs navigate an increasingly turbulent cyber landscape marked by both threats and opportunities, the survey underscores the critical importance of shared resources, enhanced policies, and effective metrics. The 2026 NASCIO-Deloitte survey serves as a clarion call for state leaders to bolster their cyber resilience strategies, ensuring that security measures evolve in tandem with the threats they aim to counter.