Managing cybersecurity at the grassroots: Evidence from the first nationwide survey of local government cybersecurity

This paper, based on data from the first nationwide survey of cybersecurity among local or grassroots governments in the United States, examines how these governments manage this important function. As we have shown elsewhere, cybersecurity among local governments is increasingly important because these governments are under constant or nearly constant cyberattack. Due to the frequency of cyberattacks, as well as the probability that at least some attacks will succeed and cause damage to local government information systems, these governments have great responsibility to protect their information assets. This, in turn, requires these governments to manage cybersecurity effectively, something our data show is largely absent at the American grassroots. That is, on average, local governments fail to manage cybersecurity well. After discussing our findings, we conclude and make recommendations for ways of improving local government cybersecurity management.

Automated summary

This paper examines the management of cybersecurity among local governments in the United States based on the first nationwide survey. The study shows that local governments are largely failing to effectively manage cybersecurity, despite the increasing importance of this function due to constant cyberattacks. Recommendations for improving local government cybersecurity management are provided.