The federal government is not alone in its failure to integrate cybersecurity into strategic technology planning. According to a new study by the Brookings Institution, only two states — New Mexico and Colorado — demonstrated a “solid and robust” understanding of the importance of integrating cybersecurity in their strategic IT plans.
In a detailed review of state-level strategic IT plans, Brookings analysts found that most states make only passing mention of cybersecurity and offer little, if any, detailed guidance.
“These states have solid IT strategic plans and clearly mention the need for cybersecurity, however security does not figure prominently in their IT strategic plan,” wrote Brookings authors Gregory Dawson and Kevin Desouza. “If strategies exist, they are mostly focused on a single aspect of cybersecurity such as infrastructure management.”