Cybersecurity Threats in Local Government: A Sociotechnical Perspective

Abstract

The use of information and communication technologies (ICTs) by local governments is widespread and meant to improve managerial effectiveness and public engagement. ICTs are commonly used by governments to collaborate and communicate with stakeholders. Yet, the use of ICTs increases local governments exposure to cyberthreats. Cyberthreats are increasing and local governments are often under-resourced and underprepared for them. While many organizations combat cyberthreats with technological solutions, it is well known that social aspects-including manager vigilance and buy-in-are critical in reducing cyber incidents. Thus, governments require both social and technical solutions to cyberthreats. This research takes a sociotechnical perspective to examine the relationships between social (e.g., values and perceptions) and technical factors (e.g., design and capacity) and cyber incidents in local government. We use data from a 2018 national survey of public managers in 500 U.S. cities, data from city government websites, and the U.S. Census. The results indicate that manager buy-in and perceptions interact with technical aspects to explain reported cyber incidents in government. The findings expand our understanding of how social and technical factors are associated with cyberthreats in government, particularly manager.