6.1 Introduction

Since the early 2000s, cybersecurity has become an essential function within organizations because entities of nearly all types and sizes are under constant or nearly constant cyberattack and routinely experience incidents and breaches (e.g., Verizon, 2019 Data Breach Investigations Report). This chapter examines data from the 2016 nationwide survey of cybersecurity among local governments in the US to examine these governments’ management of cybersecurity (Norris et al., 2020). Those data are supplemented with data from a 2018 survey (Hatcher et al., 2020) and a survey that one of this books’ authors conducted in 2020 (Norris, 2021).

As a result of an extensive literature review, it is clear that there are very few publications of any kind, especially scholarly works, on local government cybersecurity and exactly fewer still on local government cybersecurity management. This said, since at least the 1980s, if not earlier, scholars from various academic disciplines have shown that “management matters” in the world of information technology (IT) in local government (e.g., King and Kraemer, 1985; Kraemer and Dedrick, 1997; Kraemer et al., 1989)

More recently, scholars and professionals in the fields of computer science, information technology, and cybersecurity have concluded that management matters for cybersecurity as well. Indeed, it is now common for cybersecurity experts and practitioners, for example, to strongly ...