State CISOs Report Declining Confidence Amid Surge in AI‑Enabled Cyber Threats
What Happened — A 2026 NASCIO‑Deloitte survey reveals that only 22 % of state chief information security officers (CISOs) feel “extremely or very confident” their data is protected, a steep drop from 48 % in 2022. The decline is driven by AI‑accelerated attacks, shrinking budgets, and expanding attack surfaces, with local government and public higher‑education entities expressing the greatest concern.
Why It Matters for TPRM —
- AI‑enabled attacks raise the probability of third‑party data exposure and supply‑chain compromise.
- Diminished confidence signals gaps in vendor‑risk governance that can cascade to downstream partners.
- State procurement contracts often embed security clauses; weakened posture may trigger non‑compliance penalties.
Who Is Affected — State governments, local municipalities, public universities, and any third‑party vendors providing software, cloud services, or managed security to these entities.
Recommended Actions —
- Re‑evaluate AI‑related controls in existing vendor contracts.
- Require vendors to disclose any generative‑AI features enabled in their products and supply a risk assessment.
- Embed AI‑specific security metrics into continuous monitoring and third‑party risk programs.
Technical Notes — The study cites AI‑driven phishing, automated exploitation of known vulnerabilities, and rapid weaponization of existing flaws as primary vectors. No specific CVEs are listed, but the trend underscores the need for AI‑aware detection, governance, and incident‑response capabilities.
Source: https://www.databreachtoday.com/state-cisos-are-losing-confidence-as-ai-threats-surge-a-31564