Improving State and Local Government Cybersecurity | Reports & Briefings | Apr 27, 2026

Staff Editor 2026-04-27
Improving State and Local Government Cybersecurity | Reports & Briefings | Apr 27, 2026

Improving State and Local Government Cybersecurity | Reports & Briefings | Apr 27, 2026

https://itif.org/publications/2026/04/27/improving-state-local-government-cybersecurity/

Publish Date: 2026-04-27 00:02:00

Source Domain: itif.org

Contents

Key Takeaways 1

Introduction. 3

State and Local Governments Face Increased Cybersecurity Risk. 4

State and Local Government Cybersecurity is Fragmented, Underfunded, and Unprepared. 9

Recommendations 15

Conclusion. 20

Endnotes 21

Cyberattacks in the United States have surged in frequency and impact since the start of this decade, with the country facing several hundred on any given day.[1] The proliferation of digital systems and interconnected infrastructure has widened the attack surface, while adversaries have become more organized and technologically advanced, increasing the sophistication of their methods. These trends amplify both the scale and severity of incidents, making recovery costlier and disruptions more prolonged. These attacks strike federal, state, and local governments nationwide regardless of size or location, putting personal data, critical infrastructure, essential government services, and business operations at risk.

State and local governments now stand on the front lines of a rapidly changing cyberspace, facing a range of cyberthreats, from opportunistic attackers exploiting basic security weaknesses to organized groups using advanced techniques. Underfunded IT departments, aging critical infrastructure sectors, and a chronic shortage of cybersecurity professionals leave many state and local governments exposed. At the same time, cybercriminals, organized groups, and nation-state adversaries such as Russia, China, and Iran are deploying increasingly sophisticated tools to exploit these weaknesses. Recent incidents demonstrate the scope of these threats, including the 2023 ransomware attack on Dallas, Texas,  which disrupted police, fire, and court systems and exposed 30,000 residents’ data; the attack on Oakland, California, that compromised 600 gigabytes of the city’s employee data; the 2024 Salt Typhoon infiltration of U.S. telecommunications networks such as Verizon and AT&T; and the 2025 PowerSchool breach that exposed personal…

Source

More Stories

Project Glasswing: Key cybersecurity agencies set to get access to Anthropic’s Mythos | Business News

Project Glasswing: Key cybersecurity agencies set to get access to Anthropic’s Mythos | Business News

Staff Editor 2026-06-06
Did Insight’s New AI Cybersecurity Service and Credit Tweaks Just Reframe Insight Enterprises’ (NSIT) Growth Story?

Did Insight’s New AI Cybersecurity Service and Credit Tweaks Just Reframe Insight Enterprises’ (NSIT) Growth Story?

Staff Editor 2026-06-06
OpenAI Introduces Lockdown Mode To Combat AI Data Exfiltration Risks Amid Growing Prompt Injection Threats

OpenAI Introduces Lockdown Mode To Combat AI Data Exfiltration Risks Amid Growing Prompt Injection Threats

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy