States have typically employed a federated model for cybersecurity, where each public sector organization is responsible for securing its own critical applications. This approach lacks a comprehensive statewide perspective on visibility and risk management, making it difficult for government leaders to identify and prioritize risks effectively. As cyber events increasingly threaten public sector organizations, there is a shift toward a whole-of-state model that enhances visibility and risk reduction across the state's infrastructure.

State and local governments are moving towards collective defenses, collaborating with both public and private organizations to strengthen their security resources. Initiatives like the State and Local Cybersecurity Grant Program, which allocates $1 billion over four years, aim to support the implementation of cybersecurity best practices. Additionally, programs like the Arizona Statewide Cyber Readiness Grant Program provide technical assistance and security software to help vulnerable communities reduce infrastructure risks.

One of the primary challenges is navigating outdated regulations and policies that hinder agility in procurement processes. Delays in acquiring cybersecurity solutions can leave at-risk systems vulnerable for longer periods. Fast procurement is essential for leveraging grants and funding with short expiration windows. According to a study on AWS Marketplace, organizations can save 66% of the time typically spent on procurement, allowing them to access necessary resources more quickly and enhance their defenses against cyber incidents.