As seen from evidence presented throughout this book, local governments do a poor job of managing and practicing cybersecurity (see especially Chapters 5 and 6). Of course, this is not true of all local governments, but it is of too many. Many, if not most large, well-funded local governments understand the need for appropriate levels of cybersecurity and do their best to provide it by adequately budgeting and staffing this function. However, most local governments, at least in the US, are small and unlikely to meet this challenge effectively.¹

Unfortunately, small- and even mid-sized local governments typically have greater financial constraints than their larger cousins, and they cannot or will not fund and staff cybersecurity adequately. As a result of these and other factors, too many of them experience adverse cybersecurity events that might otherwise have been preventable. This is not to say that larger local governments do not experience such events, but those governments are typically better prepared to prevent and recover from cyberattacks.

13.1 Important Highlights from This Book

Adverse cybersecurity events, typically cyberattacks, incidents, and breaches (especially the latter) often result in the loss of data (e.g., PII but data of all sorts stored by local governments), shutdowns of critical public services, loss of money (either directly from theft or indirectly through the cost of recovery), public embarrassment, and more. In ...