Cybersecurity as risk management

Elected officials have a unique role in government cybersecurity efforts and are held accountable for protecting critical government resources and data. Too often, elected officials fail to prioritize cybersecurity until after a breach — when it’s too late. Such failure to properly plan for and provide adequate cybersecurity resources can result in the exposure of large numbers of constituent records, which can damage the livelihoods of citizens and businesses, cost millions of dollars in unplanned expenses, spawn lawsuits and erode public trust. The loss of reputation and public trust is immeasurable, especially for government organizations.

In the absence of enterprise-wide cybersecurity standards and regulations, many security experts use a patchwork of government and industry mandates to direct their efforts. Compliance requirements can help organizations establish a cybersecurity baseline, but this approach lacks consistency across the public and private sectors as a whole. “There has been a degree of fracturing where different sectors and organizations rely on different standards, regulations and requirements,” says Adam Sedgewick, senior information technology policy adviser for NIST.

Instead of relying on mandates to drive cybersecurity strategies, organizations should integrate cybersecurity efforts within existing risk management and business continuity processes. The risk-based approach is driven by business requirements and will help leaders identify, assess and prioritize cybersecurity spending and strategies.

Learn more about the challenges of government cybersecurity in this handbook for elected officials (pdf).
