Back

State and Local Governments Face Escalating Cybersecurity Challenges Amid AI Threats

Severity: High (Score: 68.0)

Sources: Itif, usafacts.org, therecord.media, oaklandside.org, www.fortinet.com

Summary

State and local governments in the U.S. are experiencing a significant decline in confidence regarding their cybersecurity capabilities, with only 22% of chief information security officers (CISOs) feeling 'extremely' or 'very' confident in 2026, down from 48% in 2022. The rise of AI-enabled cyberattacks has exacerbated the situation, with adversaries employing sophisticated tactics that include automated phishing and ransomware-as-a-service. Budget constraints are a critical issue, as 16% of CISOs reported cuts to their cybersecurity budgets, a stark contrast to previous years. The National Association of State CIOs and Deloitte's biennial survey highlights that the urgency for improved cybersecurity measures is paramount, as vulnerabilities in one network can lead to widespread exposure of personal information and disruption of essential services. Many states are moving towards a 'whole-of-state' cybersecurity approach to enhance collaboration and protection across various public sectors. The increasing complexity of threats and the need for effective metrics to demonstrate cybersecurity investment returns are also emphasized. Key Points: • Only 22% of state CISOs report high confidence in their cybersecurity capabilities, down from 48%. • AI-enabled attacks are accelerating, making cyber threats more sophisticated and harder to defend against. • Budget cuts are impacting cybersecurity efforts, with 16% of CISOs reporting reduced funding.

Key Entities

  • Data Breach (attack_type)
  • DDoS (attack_type)
  • Denial-of-Service (attack_type)
  • Distributed Denial-of-Service (attack_type)
  • Extortion (attack_type)
  • Salt Typhoon (apt_group)
  • Amazon Web Services (company)
  • Army National Guard (company)
  • AT&T (company)
  • California Department Of Motor Vehicles (company)
  • Los Angeles Unified School District (company)
  • China (country)
  • Iran (country)
  • Russia (country)
  • United States (country)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • Cwe-89 - SQL Injection (cwe)
  • getyourknowledgeon.com (domain)
  • Government (industry)
  • Healthcare (industry)
  • Manufacturing (industry)
  • T1486 - Data Encrypted for Impact (mitre_attack)
  • T1499 - Endpoint Denial of Service (mitre_attack)
  • T1566.001 - Spearphishing Attachment (mitre_attack)
  • T1566 - Phishing (mitre_attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed