Each October marks Cybersecurity Awareness Month across the United States, an initiative launched in 2004 by the Department of Homeland Security and the National Cybersecurity Alliance. This campaign is critical in raising awareness about digital security and equipping citizens, businesses and government entities with the resources to protect themselves from increased cyber threats.

The Rising Number of Cyber Threats

According to Cybercrime Magazine, cybercrime costs are currently $10.5 trillion annually and state and local governments have become prime targets for cybercriminals. These entities manage vast amounts of personally identifiable information - social security numbers, tax records, health data and financial information - making them attractive targets for theft and extortion. According to IBM, the average cost of a data breach in 2024 reached $4.88 million, but for government agencies dealing with citizens’ trust, the actual cost extends far beyond financial losses.

The summer of 2024 reminded us of how interconnected our systems are. When a software update failed, 8.5 million computers worldwide crashed, affecting government services, healthcare systems and critical infrastructure. Most revealing was discovering how many organizations relied solely on one cybersecurity solution, which contradicts the fundamental principles of cyber resilience.

Cybersecurity: Prevention to Resilience

Over the last few decades, the cybersecurity industry has been working to prevent attacks while acknowledging that no system is safe from threats. The shift in thinking from prevention to resilience combines robust security measures with comprehensive data protection and recovery strategies. It includes cloud-based backup storage, off-site data storage and detailed incident response plans. Organizations with high cyber resilience – those employing multiple security tools, managed security services and redundant systems—recovered quickly from the outage in the summer of 2024. Those without such measures faced extended disruptions and significant losses.

NASPO ValuePoint: Your Strategic Cybersecurity Partner

This is where NASPO ValuePoint can be an indispensable partner in state and local government cybersecurity strategies. Cooperative purchasing through NASPO ValuePoint offers more than cost savings - it provides access to comprehensive, competitively solicited cybersecurity solutions that individual agencies might struggle to procure independently.

NASPO ValuePoint maintains a portfolio of cybersecurity-related contracts specifically designed to address the complex needs of government entities, such as:

Cybersecurity & Information Security Services – This portfolio provides access to everything from vulnerability assessments and penetration testing to security operations center services and incident response capabilities.

Cloud Solutions – As governments increasingly migrate critical systems to cloud environments, securing these platforms becomes paramount. This portfolio provides access to secure, scalable cloud services with built-in security features.

Software VAR – Access to essential security software through value-added resellers, ensuring governments can acquire the latest security tools efficiently.

Data Communications Products & Services – Securing network infrastructure is fundamental to any cybersecurity strategy. This portfolio supports the backbone of secure government communications.

IT Research & Advisory Services – Expert guidance helps agencies navigate complex security decisions, conduct risk assessments and develop comprehensive security strategies aligned with frameworks like NIST and CISA guidelines.

Learning and Networking at NASPO/PPA Exchange 2026

The annual NASPO/PPA Exchange Conference, (March 9-12, 2026, in Lake Buena Vista, Florida) helps procurement professionals stay current by connecting them with industry leaders and peers for collaborative learning and networking.

Attendees can expect educational sessions covering the latest trends, compliance requirements and procurement strategies across various solutions. While Exchange isn’t focused solely on cybersecurity, attendees can explore NASPO ValuePoint’s cybersecurity contracts and attend educational sessions on many other essential current procurement topics. The conference also provides direct access to suppliers, allowing agencies to evaluate technologies, ask detailed questions and build relationships with potential partners.

Equally valuable are the networking opportunities - connecting with peers facing similar challenges, sharing lessons learned and discovering innovative approaches to common problems.

The Exchange Conference exemplifies NASPO's commitment to supporting the entire procurement lifecycle: not just contracts, but the knowledge, relationships and strategic thinking needed to make informed decisions that protect citizens and critical infrastructure.

A Call to Action

Threats will continue to evolve. Attackers will develop new tactics, exploit vulnerabilities and target new systems. By embracing cyber resilience, leveraging NASPO ValuePoint’s contracts to help build resilient cybersecurity strategies and participating in events like the Exchange Conference, state and local governments can build the defenses necessary to protect the systems and services citizens depend on. The question is not whether your organization will face a cyber threat—it's whether you'll be ready when it comes.