On average organizations report that they share their data with 583 third parties, with 84% of that data classified as being critical or sensitive. However, those third-party numbers are even greater for local towns and cities.

Some of the larger U.S. cities often need to entrust thousands, or even tens of thousands, of third parties with sensitive information to support residential services like courts, taxes, and utilities. This has the potential to carry additional risk, making it crucial to identify, track and manage.


What is the current cybersecurity state of top U.S. cities?

A new research report, “The State of Cybersecurity of U.S. Cities”, by RiskRecon, set out to better understand the third-party risk management challenges currently facing the most populated U.S. cities in order to raise awareness about the visible risks and vulnerabilities.

Key Findings from the Report:

  • The average cybersecurity rating of top U.S. cities is 7.3 out of 10, a RiskRecon B rating.

While top U.S. cities received a 7.3 out of 10 (B rating) they still fall short of the Public Sector’s overall industry average of 7.7 out of 10 (B rating), and under the Finance and Insurance Industry gold-standard average of 8.0 out of 10 (strong B rating).

  • 110 of U.S. cities might lack proper cybersecurity protections.

With nearly 60% of the 271 cities examined having information security programs potentially sufficient to protect their data, the remaining 40% might face significant security gaps that could result in data compromise.

The report also further expands on over 31,859 details assessed by RiskRecon to determine the cybersecurity ratings of the top U.S. cities.

Download the report HERE to view the additional findings.

How can cities better address third-party risk?

As the number of digital connections between residents and their city governments grow exponentially, monitoring this ecosystem can be overwhelming. Investments in modernized tools that alleviate traditionally manual supply chain risk assessment processes can help these cities better identify and act on risk more quickly.

Unlike traditional cyber risk solutions, which only provide a “point in time” assessment of a given organization’s cyber health, more modern technologies can provide city governments with the ability to continuously monitor their IT stack.

Continuous monitoring is crucial as a lot can happen between assessments, even if they are conducted annually. For example, vendor data breaches could unknowingly compromise data, risking penalties from regulators due to delayed customer breach notification or critical vulnerabilities in third-party environments could go unaddressed, exposing dependent operations and data to compromise.

RiskRecon was built to help solve these challenges. Our automated continuous monitoring capabilities and processes enable top U.S. cities to achieve better risk outcomes by providing them with a more efficient way to measure, manage, and reduce third-party risk.

To learn more about the “Cybersecurity State of U.S. Cities”, download the REPORT.

To learn more about RiskRecon, request a DEMO.