Cities value cybersecurity but budget prevents investment

According to Augusta University research, most cities understand the importance of cybersecurity but are not investing in vulnerable areas due to financial constraints.

Editor’s Note: October is National Cybersecurity Awareness Month.

Although city governments increasingly rely on software programs to provide services such as 911 calls, service delivery and online bill payment, they may not have the proper cybersecurity policies in place to protect their systems, according to a recent nationwide survey of cities by Augusta University researchers.

“We’re concerned first with the human factor of all issues,” said Dr. William Hatcher, director of Augusta University’s Master of Public Administration program and one of the survey’s authors. “Having trained employees is necessary to stop attacks or even make sure organizations are not tricked through phishing type schemes.”

Almost 30 percent of surveyed cities have no formal cybersecurity policy, which would include rules on password creation, guidelines for employee training on computer security and procedures for reviewing the list of employees with access to sensitive systems, according to the survey.

Of the cities that have a formal policy, the survey found that:

  • 17 percent don’t require in-depth background checks when employees are granted access to sensitive systems
  • 18 percent don’t teach employees to recognize breaches
  • 37 percent don’t provide ongoing training to employees on new computer security procedures
  • 47 percent don’t review the list of employees who have security access on a regular basis
  • 54 percent don’t work with an outside auditor to review their policies on an annual basis

The survey looked into cities nationwide with more than 10,000 people and received responses from 193 local governments.

Based on the results of the survey, Hatcher says most cities understand the importance of cybersecurity but are not investing in vulnerable areas due to financial constraints.

“Providing effective cybersecurity protection is expensive, and many municipalities have financial issues paying for the service,” Hatcher said.

As the March 22 ransomware attack against Atlanta shows, however, the cost of recovering from cyberattacks can be significant. Following the attack, Atlanta spent $2.7 million in contracts to clean its network, according to the Atlanta Journal-Constitution. That number didn’t include the cost of thousands of city employees not being able to access their work computers for five days.

In the end, investing in security could be cheaper than paying to recover a city’s computer systems following a cyberattack.

“Cities, small and large, house a ton of data on their cities — financial information, tax information, housing information, criminal justice information, etc.,” Hatcher said. “This data needs to be kept secure.”

Like
Like Love Haha Wow Sad Angry
Written by
Arthur Takahashi

Arthur Takahashi is Digital Media Coordinator at Augusta University. Contact him to schedule an interview on this topic or with one of our experts at 706–446–5128 or atakahashi@augusta.edu.

View all articles

Jagwire is your source for news and stories from Augusta University. Daily updates highlight the many ways students, faculty, staff, researchers and clinicians "bring their A games" in classrooms and clinics on four campuses in Augusta and locations across the state of Georgia.