Adoption of Cybersecurity Capability Maturity Models in Municipal Governments

Cyberattacks are increasing in diversity and volume placing information and communications technology (ICT) as well as physical assets at risk. Municipal governments operating as the provider of an interdependent network of e-government services, Information and Communications Technology, and Critical Infrastructure (CI) have a requirement to quickly, easily, and inexpensively secure their ICT systems and physical assets. In addition to other sources, this study sampled data from Canadian municipal government CIO’s using expert interviews followed by a web-based survey in the winter of 2015 to help inform both the development of a Cybersecurity Capability Maturity Model for Canadian municipalities and to provide recommendations pertaining to the adoption of such a model. The study confirmed the low level of recognition by Canadian municipalities regarding Cybersecurity Capability Maturity Models. This research will be of interest to CIOs of municipalities, providers of cybersecurity services, academic researchers, and those interested in securing critical infrastructure.