The 2026 NASCIO-Deloitte Cybersecurity Study reveals a rapidly shifting environment where cyber threats are growing in scale and sophistication, with foreign adversaries and cybercriminals increasingly leveraging artificial intelligence to exploit vulnerabilities, even as states adopt AI to strengthen defenses. In response, CISOs are taking on expanded responsibilities—guiding AI governance, advancing “whole-of-state” cybersecurity approaches that support local governments, public education and critical infrastructure and safeguarding public data in an increasingly complex digital ecosystem. However, these growing demands are not matched by resources, as CISOs report tightening budgets and persistent workforce challenges. Drawing on insights from all 50 states, the District of Columbia and the U.S. Virgin Islands, the study highlights five key themes: an increasingly complex and AI-driven threat landscape, the need to modernize tools and regulatory frameworks, expansion of whole-of-state strategies, the evolving CISO role, and ongoing funding and workforce constraints—offering critical insights to guide state cybersecurity strategy and investment.
