Law requires cybersecurity training for state employees to strengthen the state’s defense against cyberattacks
CHICAGO (Aug. 7, 2017) – Today, Gov. Bruce Rauner signed House Bill 2371, requiring all State of Illinois employees to undergo annual cybersecurity training to understand the risks of cyber threats and learn the best practices to defend against these attacks. The program will help safeguard the information systems that support the delivery of critical state services and contain the personal information of taxpayers by facilitating a more cyber-aware state workforce.
Hackers and cyber criminals continually grow more sophisticated in their attempts to steal sensitive data and infect state computer systems. It is crucial that state employees have knowledge to protect themselves and the state from the impact of cyber-attacks. This legislation is another advancement in the governor’s vision for a cyber-secure Illinois to better protect the personal information of state residents and ensure critical state services are not interrupted.
“Employees are our first line of defense,” Gov. Rauner said. “Ensuring that our staff is properly trained against cyber threats is vital to protect Illinois’ services and information. Cybersecurity is no longer just an IT issue. It is a public safety issue, and we will do all we can to protect the residents and infrastructure of our state.”
The Department of Innovation & Technology (DoIT) is charged with implementing the training program and recently released the State of Illinois Cybersecurity Strategy. Key objectives include protecting state of Illinois information and systems, reducing cyber risk, providing best-in-class cybersecurity capabilities and ensuring an enterprise approach to cybersecurity. Cyber-awareness training is a key component of the strategy.
Hardik Bhatt, DoIT secretary designate and chief digital officer said, “The State of Illinois’ digital transformation is placing Illinois in a leadership role across the nation in areas such as the use of mobile technologies, capturing the value of data and becoming the first state to establish itself as a Smart State. Along with our impressive technological progress comes a responsibility to simultaneously increase our cybersecurity efforts to defend our state from cyber-attacks.”
Doug Robinson, Executive Director of the National Association of State Chief Information Officers supports the efforts of states to increase cybersecurity. “State employees are on the firing-line of protecting digital assets of the state. NASCIO has repeatedly advocated that states make cybersecurity training and awareness for employees a priority. By mandating cybersecurity training, the leadership in the State of Illinois is making a serious statement about their commitment to reducing risks.”
With this legislation, Illinois becomes the 15th state to adopt a mandatory cybersecurity awareness training for state employees. States are increasingly the targets of attacks, and security threats pose a daily risk in the state’s ability to serve taxpayers and protect critical and confidential information.
According to a study by the Ponemon Institute and IBM Security, the average total cost of a data breach amongst the 419 companies they surveyed was $3.62 million. Cybersecurity awareness training and re-enforcement programs cost less than $5 per person and offer a cost avoidance of around $184 per user. Additionally, these training programs are believed to significantly reduce the risk of cyberattacks, offering a significant preventative cost savings to the taxpayers of Illinois.
###
