This report reflects insights from 51 state and territory respondents on the CISO’s role, as well as budget, governance, reporting, workforce, and operations.

From the report, “ONE OF THE most important priorities of a state chief information officer (CIO) is to reduce risk to their state. Cybersecurity and reducing cyber risk, specifically, is top of mind for every state CIO and many factors contribute to this. For example, it is unknown how many cyberattacks have been attempted on state government collectively, but one state estimates that two years ago there were 150 million attacks a day, while today there is an average of 300 million attacks per day. The same state has seen as many as 800 to 900 million in one day. "