Key Points:
- Arkansas is increasing its cybersecurity measures in response to a significant rise in cyberattacks against state and local government.
- The Arkansas Cyber Response Board has been formed to oversee a self-funded insurance program protecting against damages caused by cyberattacks.
- Legislation has been passed to encourage improved use of technology and focus on cybersecurity within local governments.
Arkansas has experienced a surge in cyberattacks against its state and local government, with 130 reported instances over a 12-month period — more than double the previous year’s rate. Due to the importance and sensitivity of data stored within government databases, strengthening security measures against such threats is vital. Major cyberattacks in the past have caused significant disruption, including a ransomware attack against a vendor supporting 72 Arkansas counties and an attack on the Little Rock School District.
Following these incidents, the state’s legislature passed two key measures to bolster its cybersecurity response. Firstly, the establishment of the Arkansas Cyber Response Board via Act 846, which will oversee a self-insured program offering protection from damages resulting from cyberattacks. To be eligible for this program, participating governmental entities must meet certain security standards within their computer systems.
The second measure, Act 504 of 2023, mandates that local governments establish and implement policies relating to their utilization of technology and approach to cybersecurity. This legislation acts to ensure that cybersecurity is a central focus for all governmental parties in the state.
In 2019, Act 1085 was also passed, which authorized the Arkansas Economic Development Commission to establish a Cyber Initiative. This initiative aims to support private businesses through shared research and collaboration with governmental security systems, thereby further strengthening cybersecurity state-wide.
Cyberattacks pose severe economic consequences, with the Arkansas Economic Development Commission stating that typical attacks cost small companies around $38,000 eight years ago, leading to half of these companies going out of business within six months from the data breach.
Moreover, many institutions, including Southern Arkansas University and the University of Arkansas system, now offer multiple degrees and certificates in cybersecurity, indicating a long-term commitment to combating these cyber threats.