New Illinois Legislation Requires Cybersecurity Training for all State Employees
Illinois has become the 15th state to require cybersecurity training for all state employees.
Illinois House Bill 2371 requires all executive branch State of Illinois employees responsible to the Governor, not including public university employees, to undergo annual cybersecurity training to understand the risks, threats and best practices to defend against cyber threats.
"Employees are our first line of defense," Gov. Rauner said. "Ensuring that our staff is properly trained against cyber threats is vital to protect Illinois' services and information. Cybersecurity is no longer just an IT issue. It is a public safety issue, and we will do all we can to protect the residents and infrastructure of our state."
The Department of Innovation & Technology (DoIT) is charged with implementing the training program and recently released the State of Illinois Cybersecurity Strategy. Key objectives include protecting state of Illinois information and systems, reducing cyber risk, providing best-in-class cybersecurity capabilities and ensuring an enterprise approach to cybersecurity. Cyber-awareness training is a key component of the strategy.
Hardik Bhatt, DoIT secretary designate and chief digital officer, said, "The State of Illinois' digital transformation is placing Illinois in a leadership role across the nation in areas such as the use of mobile technologies, capturing the value of data and becoming the first state to establish itself as a Smart State. Along with our impressive technological progress comes a responsibility to simultaneously increase our cybersecurity efforts to defend our state from cyber-attacks."
Doug Robinson, Executive Director of the National Association of State Chief Information Officers, supports the efforts of states to increase cybersecurity. "State employees are on the firing-line of protecting digital assets of the state. NASCIO has repeatedly advocated that states make cybersecurity training and awareness for employees a priority. By mandating cybersecurity training, the leadership in the State of Illinois is making a serious statement about their commitment to reducing risks."
With this legislation, Illinois becomes the 15th state to adopt mandatory cybersecurity awareness training for state employees. States are increasingly the targets of attacks, and security threats pose a daily risk to the state's ability to serve taxpayers and protect critical and confidential information.
According to a study by the Ponemon Institute and IBM Security, the average total cost of a data breach amongst the 419 companies they surveyed was $3.62 million. Cybersecurity awareness training and reinforcement programs cost less than $5 per person and offer a cost avoidance of around $184 per user. Additionally, the training programs are believed to significantly reduce the risk of cyberattacks, offering a significant preventative cost savings to the taxpayers of Illinois.