Although approximately two-thirds of states identified cybersecurity as a high-priority capability, cybersecurity was among the lowest in preparedness levels, according to FEMA’s 2012 National Preparedness Report.
The state capability level of cybersecurity was only 42% among states, the lowest ranking of the 31 core capabilities for national preparedness, the report found. Public health and medical services was highest with a 78% capability level.
“The nation is highly reliant upon interdependent cyber systems, yet stakeholders have an incomplete understanding of cyber risk and inconsistent public and private participation in cybersecurity partnerships. Trends also point to cyber criminals’ continued focus on stealing customer records, including personally identifiable information, payment card data, email addresses, and other customer data”, the report observed.
In addition, FEMA noted that the Department of Homeland Security’s 2011 Nationwide Cybersecurity Review found gaps in cyber-related preparedness among 162 state and local entities. For example, although 81% of respondents had adopted cybersecurity control frameworks and/or methodologies, 45% stated they had not implemented a formal risk management program.
Moreover, approximately two-thirds of respondents had not updated information security or disaster recovery plans in at least two years. The challenges identified in these reviews likely apply across sectors, FEMA concluded.