FRANKFORT – Cybersecurity is now considered a top safety concern in our state and nation, members of the Interim Joint Committee on State Government were told yesterday.
State governments have recently been targeted by cyber criminals because of the large amount of personal information they store, Harry Raduege, Chair of the Deloitte Center for Cyber Innovation, told lawmakers. “States really have the most comprehensive information about citizens,” he said.
Raduege said the loss of such sensitive information not only impacts citizens’ trust, but could also negatively impact state business by affecting services to constituents and creating unplanned spending.
A 2011 study estimated that a data breach costs $194 per record, Tom Pageler, Chief Information Security Officer for Docusign, said. One breach could cost state government tens of millions of dollars, he said.
According to Pageler, hackers are becoming more organized, invasive and advanced in their attacks. “The risk is increasing every day,” he said.
The increased risk calls for more diligence in protecting information in the ever-changing cyber environment, Pageler said. He encourages advanced encryption of all data stored electronically as one of the best safeguards against cyber fraud of state government.
State Auditor Adam Edelen told lawmakers that encryption of all state data is part of the Commonwealth Office of Technology’s business plan and should be complete in three years. Some of the state’s data is already encrypted, he said.
In response to a question from Sen. Joe Bowen, R-Owensboro, about the cost of cybersecurity, Edelen told lawmakers the process can be expensive, but is still significantly cheaper than dealing with a security breach after it happens.
Edelen asked lawmakers to consider legislation in the 2014 session that would mandate individuals be contacted anytime their personal information is compromised. Kentucky is only one of four states that doesn’t have a breach notification law, he said.
Committee co-chair Rep. Brent Yonts, D-Greenville, said he was interested in pursuing cyber security legislation.
“This affects not only every aspect of state government, but also our personal lives,” he said. “I believe you’ve got our attention.”