ILLINOIS (KFVS) - On Monday, August 7, Illinois Governor Bruce Rauner signed House Bill 2371, requiring all State of Illinois employees to undergo annual cybersecurity training to understand the risks of cyber threats and learn the best practices to defend against these attacks.
With the new program, information systems that support the delivery of critical state services and contain the personal information of taxpayers will be safeguarded. It will facilitate a more cyber-aware state workforce.
State employees must be able to protect themselves and the state from the impact of cyber-attacks. This legislation is another advancement in the governor's vision for a cyber-secure Illinois to better protect the personal information of state residents and ensure critical state services are not interrupted.
"Employees are our first line of defense," Gov. Rauner said. "Ensuring that our staff is properly trained against cyber threats is vital to protect Illinois' services and information. Cybersecurity is no longer just an IT issue. It is a public safety issue, and we will do all we can to protect the residents and infrastructure of our state."
With this legislation, Illinois becomes the 15th state to adopt mandatory cybersecurity awareness training for state employees. States are increasingly the targets of attacks, and security threats pose a daily risk to the state's ability to serve taxpayers and protect critical and confidential information.
The Department of Innovation & Technology (DoIT) will implement the training program and recently released the State of Illinois Cybersecurity Strategy. Their objectives are to protect the state of Illinois information and its systems, reduce cyber risk, provide best-in-class cybersecurity capabilities and ensure an enterprise approach to cybersecurity. Cyber-awareness training is a key component of the strategy.
"The State of Illinois' digital transformation is placing Illinois in a leadership role across the nation in areas such as the use of mobile technologies, capturing the value of data and becoming the first state to establish itself as a Smart State," Hardik Bhatt, DoIT secretary designate and chief digital officer, said. "Along with our impressive technological progress comes a responsibility to simultaneously increase our cybersecurity efforts to defend our state from cyber-attacks."
Doug Robinson, Executive Director of the National Association of State Chief Information Officers, supports the efforts of states to increase cybersecurity.
"State employees are on the firing-line of protecting digital assets of the state. NASCIO has repeatedly advocated that states make cybersecurity training and awareness for employees a priority. By mandating cybersecurity training, the leadership in the State of Illinois is making a serious statement about their commitment to reducing risks," Robinson said.
According to a study by the Ponemon Institute and IBM Security, the average total cost of a data breach among the 419 companies they surveyed was $3.62 million. Cybersecurity awareness training and reinforcement programs cost less than $5 per person and offer a cost avoidance of around $184 per user. Additionally, these training programs are believed to significantly reduce the risk of cyberattacks, offering a significant preventative cost savings to the taxpayers of Illinois.