Report Reveals Local Governments Face Surge in Ransomware Attacks with Minimal Resources

KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, recently released new research highlighting the critical cybersecurity challenges facing state, local, tribal, and territorial (SLTT) governments. The report details how government organizations have become prime targets for cybercriminals while simultaneously facing severe resource constraints.

The data reveals that despite being the third most-targeted sector by ransomware in 2023, over 80% of SLTT organizations operate with fewer than five employees dedicated to cybersecurity. This staffing shortage coincides with a dramatic increase in cyberattacks, as evidenced by a 313% rise in security incidents reported in the MS-ISAC's 2022 survey. The situation is worsened by the recent cut of $10 million in federal funding for the Center for Internet Security (CIS), which supports crucial information sharing networks for government agencies.

Human error, often exploited through social engineering, remains the most common entry point for cyberattacks in 70-90% of cases. The limited staffing and resources highlight the need for cost-effective and low-maintenance tools to support government entities. KnowBe4's 2025 Phishing by Industry Benchmarking Report found that a year of security awareness training can reduce an organization's phishing susceptibility from approximately 33.1% to just 4.1% after one year of implementation. These findings underscore that effective human risk management offers resource-constrained organizations a powerful and affordable defense against the rising tide of cyberthreats.

Key findings from the report:

  • 70% of surveyed SLTT organizations cite lack of sufficient funding as their top security concern
  • More than 80% of government organizations operate with fewer than five dedicated cybersecurity employees.
  • Average ransom per attack reached $872,656 between 2018 and December 2024, with total costs exceeding $1.09 billion.
  • Security awareness training reduced phishing susceptibility from approximately 33.1% to just 4.1% after one year.

"The data tells an alarming story about state and local government cybersecurity readiness," said Erich Kron, Security Awareness Advocate at KnowBe4. "As these organizations grapple with constrained budgets and outdated infrastructure, they remain prime targets for cybercriminals. The surge in ransomware attacks underscores the need to build a more resilient security culture. It's crucial to prioritize human risk management, which has proven to be a powerful tool to counteract these rising challenges."

To download the "State and Local Cybersecurity: Facing New Burdens Amid Rising Threats" report, visit here.

Featured

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.