* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Points of View](https://www2.paloaltonetworks.com/blog/category/points-of-view/)
* 5 Cybersecurity Barriers ...

# 5 Cybersecurity Barriers State Organizations Face

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F10%2Fcybersecurity-barriers%2F)  
[](https://twitter.com/share?text=5+Cybersecurity+Barriers+State+Organizations+Face&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F10%2Fcybersecurity-barriers%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F10%2Fcybersecurity-barriers%2F&title=5+Cybersecurity+Barriers+State+Organizations+Face&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2021/10/cybersecurity-barriers/&ts=markdown)  
\[\](mailto:?subject=5 Cybersecurity Barriers State Organizations Face)  
Link copied  
By [Matt Schneider](https://www.paloaltonetworks.com/blog/author/matt-schneider/?ts=markdown "Posts by Matt Schneider")  
Oct 19, 2021  
5 minutes  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)  
[cybersecurity](https://www.paloaltonetworks.com/blog/tag/cybersecurity/?ts=markdown)  
[deloitte](https://www.paloaltonetworks.com/blog/tag/deloitte/?ts=markdown)  
[NASCIO](https://www.paloaltonetworks.com/blog/tag/nascio/?ts=markdown)  
[thought leadership](https://www.paloaltonetworks.com/blog/tag/thought-leadership/?ts=markdown)

## Megatrend Impacts

A recent Deloitte and National Association of State Chief Information Officers (NASCIO) [study](https://www.nascio.org/wp-content/uploads/2020/10/2020-Deloitte-NASCIO-Cybersecurity-Study-1.pdf) found five cybersecurity barriers working against state and local government organizations' ability to improve their security posture. According to the study, only 36% of U.S. states have a dedicated cybersecurity budget line item, and most states allocate less than 3% of their total IT budget to cybersecurity.

This funding seems far from adequate given the cybersecurity megatrends impacting state and local government organizations:

#### Megatrend \#1: The Work-From-Home Shift

Chief information officers (CIOs), chief information security officers (CISOs) and their teams had a Herculean task in setting up hundreds or thousands of "branches of one" when the COVID-19 pandemic forced employees to work from home. Many organizations accessed emergency funding to fortify endpoints and make other investments in emergency connectivity. Now, they face the daunting challenge of modernizing their IT infrastructure to secure long-term work-from-home and hybrid work arrangements, ensuring their networks are well-supported, engaged and reliable for users.

#### Megatrend \#2: The SaaS and Cloud Workload Explosion

Like many businesses, state and local governments widened their embrace of software-as-a-service (SaaS) and cloud computing during the pandemic. However, the proliferation of these workloads has led to a staggering lack of visibility into what's happening with devices, users and data across the many clouds.

This blind spot is now a black hole for many organizations as their workers, who are fed up with cumbersome and unreliable connections, are turning off secure VPNs to connect to the cloud directly to access apps and services. This behavior is understandable, connecting to the enterprise through the cloud to access the cloud again is downright inefficient. However, it's also greatly expanding the attack surface.

#### Megatrend \#3: The Inevitability of a Cyberattack

A larger attack surface means more risk for cyberattacks, and state and local governments are already prime targets for malicious actors. Attackers recognize these organizations can be easy to compromise because they rely on legacy technology with known vulnerabilities and lack the resources to keep them updated. In addition, cybersecurity training for staff is often inadequate.

## Cybersecurity Barriers

State and local governments, along with their security teams, clearly have some significant cybersecurity challenges to solve. Here's a closer look at the cybersecurity barriers impeding their progress, which were identified in the [Deloitte-NASCIO study](https://www2.deloitte.com/content/dam/insights/us/articles/6899_nascio/DI_NASCIO_interactive.pdf). We offer a few suggestions for navigating them:

#### 1. Lack of Sufficient Cybersecurity Budget

Cybersecurity needs to be included in the operational budget; it can't be an IT budget line item. Why? Because cybersecurity must be part of the overall business strategy.

Viewing cybersecurity as integral to supporting and protecting [the business of government](https://www.paloaltonetworks.com/blog/2021/09/preventing-an-inevitable-cyberattack/) often requires a mindset shift among top leadership. Proactive, substantive conversations on this topic must occur, and the CIO must be invited to the head table to engage in discussions and planning. This dialogue can help move the cybersecurity budget from insufficient to appropriate.

#### 2. Inadequate Cybersecurity Staffing

Hiring skilled cyber talent is an ongoing challenge for state and local governments. Engaging specialized or contract-based talent on a project basis can help them get work done and completed on time.

That said, cybersecurity projects can't be treated as one-off initiatives. They must be strategic and linked to business outcomes, as well as help the organization create a strong foundational layer of security to build on. Most importantly, the resulting platform must make tool and app integration easier, laying the groundwork to use machine learning, automation and other technologies to help overcome cybersecurity staffing challenges.

#### 3. Legacy Infrastructure and Solutions to Support Emerging Threats

Modernizing IT and adopting new tools, including those that provide insight into the cloud, are vital to-dos for state and local governments.

Now is a good time for CIOs and CISOs to seek buy-in from leadership for this type of change. As the Deloitte-NASCIO report explains, security teams have been able to demonstrate the value of cybersecurity to the business during the pandemic, and security leaders should now work to keep the forward momentum going strong as organizations plan for the future.

#### 4. Lack of Dedicated Cybersecurity Budget

Security costs need to be addressed at the onset of any IT project. And again, there must be dedicated funding for cybersecurity in the *operational*budget. Answering the question, "How much is needed?" will depend on what the organization wants to accomplish to increase its security posture, since there is no one-size-fits-all approach.

C-suite conversations that include the CIO can help determine what's needed, where it's needed and how much it will cost.

#### 5. Inadequate Availability of Cybersecurity Professionals

State and local governments are challenged when it comes to competing for in-demand cybersecurity talent, so they must make the best use of the talent they have. Being strategic and time-bound with cybersecurity projects can help them deploy talent effectively and budget for additional temporary resources when necessary.

Improving cybersecurity is a heavy lift for state and local governments. No one technology is going to solve all challenges, which is why CIOs need technologies that will work together to help protect the business of government. To overcome key cybersecurity barriers to progress, cybersecurity must be at the foundation of every project, and every initiative, large or small, should be considered individually, holistically and with an eye toward the future.

## Learn More

Get more insight on how state and local governments can improve their security posture in my previous post on [creating a well-planned response to an inevitable cyberattack](https://www.paloaltonetworks.com/blog/2021/09/preventing-an-inevitable-cyberattack/).

*** ** * ** ***

## Related Blogs

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Cybersecurity Guidelines for New Governors](https://www2.paloaltonetworks.com/blog/2023/02/cybersecurity-guidelines-for-new-governors/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Securing the Quantum Age](https://www2.paloaltonetworks.com/blog/2025/08/securing-the-quantum-age/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### SEC Rule Sparks Reimagining of Cybersecurity Operations](https://www2.paloaltonetworks.com/blog/2023/08/sec-rule-cybersecurity-operations/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Breaking Down the NASCIO Top 10 for 2023](https://www2.paloaltonetworks.com/blog/2023/01/nascio-top-10-for-2023/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Bipartisan Cybersecurity Legislation --- Continuing the Progress in 2022](https://www2.paloaltonetworks.com/blog/2022/01/bipartisan-cybersecurity-policy/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Australia's Response to the Rise of Ransomware](https://www2.paloaltonetworks.com/blog/2021/10/australias-ransomware-action-plan/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language