When we hear of security breaches, it usually involves a major retailer or some credit card company, and we subconsciously hope we’re not involved. But when a security breach hit the Texas State Comptroller’s office, Texas lawmakers snapped to and got involved. The Chair of the House Committee on Urban Affairs, State Rep. Carol Alvarado, asked the question everyone else was wondering.
"Who's keeping the lights on? That's the bottom line if there is a cyber security attack," Alvarado asked Austin TV station KVUE. "How soon can you restart? How soon can you reboot? What is the emergency plan?"
It’s a legitimate question that keeps a lot of smart people up nights, and Texas isn’t waiting for the next incident to happen.
KVUE reports that a survey by the Texas Municipal League found 56 percent of 144 responding cities protected themselves by backing up and encrypting critical information and regularly updating anti-malware software. That’s the good news. But on the downside, less than 40 percent have outlined a specific cyber security policy and only 22 percent include cyber incidents as part of their disaster recovery plan. That’s a recipe for disaster.
"A major concern is that cities do not have an advisory group to help educate city leaders on this issue," said Texas Municipal League policy analyst JJ Rocha, sharing the survey's findings with the committee.
The problem is endemic to both business and government. In recent testimony before the House Committee on Government Transparency and Operation, it was noted that just seven to eight percent of the average business IT budget goes to cyber security, and the average government entity devotes between only one and two percent.
“A 2015 KVUE investigation discovered cyber incidents cost Texas taxpayers $8.7 million in 2014, up 240 percent from the year before,” the TV station noted.
House Committee on Urban Affairs Chair Alvarado summed it up best: “This is a new topic for many of us, so we're learning on how to best be prepared and how to respond.”