How states will spend $1B in new cybersecurity grants

Most states will require local governments to use a new $1 billion pool of cyber grant funding to implement cybersecurity training programs for their employees, according to a new survey.

Driving the news: Deloitte and the National Association of State Chief Information Officers released their biennial survey of state cybersecurity leaders on Monday, detailing what challenges they're facing and their cybersecurity strategies for the next year.

• This year's survey also sheds light on how state governments plan to tap into a recently launched cybersecurity grant program.
• Deloitte and NASCIO surveyed 53 states and territories' chief information security officers between May and June.

How it works: Through the new grant program, established via the bipartisan infrastructure law, states will apply to the federal government for a sliver of the available funds. Local governments will then apply to states for a portion of those funds.

• States will decide what local government projects they want to prioritize and approve.

By the numbers: Three in five state cyber leaders said they plan to dole out funding for local governments to implement some form of employee cybersecurity training, according to the survey.

• About half said they want to fund local government projects to conduct cyber risk assessments on their systems and implement security monitoring tools.
• Only 35% said they'd fund local government projects focused on login security tools, such as multifactor authentication, despite the increasing number of security breaches that have happened because a hacker found an employee's stolen password on the dark web.

The big picture: Most local governments don't have the resources to properly secure their own systems or to even prioritize cybersecurity in their budgets.

• The new grants are a way of helping local governments make cybersecurity a higher priority.

Sign up for Axios’ cybersecurity newsletter Codebook here.