We put the IT in city®

CitySmart Blog

Wednesday, May 23, 2018
Sarah Northcutt, Client Services Manager
Sarah Northcutt

Sound harsh? Ask the City of Atlanta. Based on audit recommendations that they apparently did not follow, the city ended up spending almost $5 million to recover from a ransomware attack. For a city that serves a population of about 470,000 people, that kind of underinvestment (and potential negligence) negatively impacts the mission of serving citizens.

Compared to Atlanta, you might think your city’s size makes IT less important. Not so. In today’s world, IT has become the backbone and an essential utility for most organizations. But unlike traditional utilities, many cities think they can get by with underinvestment in something so crucial to city operations.

Waiting for an IT-related disaster or disruption before you invest is simply negligent. And the public can grow cynical about your city when they realize that suddenly you found money in your budget to pay for IT after a disaster. It tells them you did have the money all along but chose not to spend it...why? Why operate with that risk?

While there are many repercussions to underinvesting in information technology, here are some of the biggest ways that not spending the necessary money will doom your city to fail.

1. Increased risk of permanent data loss and the inability to recover critical data

Many cities still underinvest in a quality, comprehensive, working data backup and disaster recovery solution. Hardware fails. Disasters like flooding, fire, or tornadoes happen. Ransomware may encrypt your data so that you lose access to it forever.

So what happens in such likely scenarios? If you’ve underinvested, you risk permanently losing data. Cities need a data backup and disaster recovery solution that involves an onsite component (for quick time-to-recovery after minor incidents such as a server failure) and an offsite component (for recovering after a disaster or major incident). Your solution also needs regular testing to make sure it’s working.

2. Increased risk of data breaches and ransomware

Underinvesting in information technology likely means you are not investing in cybersecurity. In 2018, the risk of a data breach is higher than ever—and yes, cities are prime targets for hackers. Weak cybersecurity includes:

  • Reactive IT support (such as only spending money when something breaks)
  • Lack of proactive monitoring and alerting for issues
  • Lack of regular software patching and updates
  • Lack of regular training
  • Lack of enforced policies
  • Using free or consumer-grade antivirus software

Even under the best of circumstances, a data breach is costly. But if you underinvest in IT, you increase your risk of a data breach, higher “dwell time” (a term that indicates how long hackers have been inside your system without you knowing it), and damage to citizens (such as identity theft).

3. An inability to comply with laws and regulations

Laws and regulations govern the way you handle and protect information. Open records laws. Records retention policies. Body camera video storage. Protecting personally identifiable information (PII). State laws such as the Arkansas Legislative Audit.

While some laws don’t explicitly force you to invest in specific information technology solutions, the implicit meaning is that you still need to protect information. Otherwise, you can be subject to fines, penalties, and lawsuits from not following laws governing information related to taxes, public safety, payments, personnel, and open records requests.

4. Negatively impacting public safety

Your police officers put their lives and safety on the line every day. Not backing them up with information technology puts them at risk, makes their jobs harder, and compromises their mission to keep the public safe.

That safety extends to a citizen’s protection. The data you collect and retain—police reports, body camera video footage, evidence as part of a criminal investigation—is crucial for helping people in court who are prosecuting someone or defending themselves. Data loss or lapses in data integrity can harm other people.

5. Negatively impacting citizen services

From business licenses and permits to paying taxes and utilities online, citizens rely on cities for a variety of services. Additionally, citizens are also served by public safety, city hall, public works, parks and recreation, and other departments and functions. When your information technology fails or slows your operations to a crawl, you are unable to effectively serve citizens. This does not leave a good impression on residents and businesses—who may get fed up and loudly exercise their freedom of speech at city hall and council meetings, on social media, or talking with the press.


Do you still think it’s worth skimping on your information technology? By not doing something, by not investing properly in the right amount of information technology, you risk negligence. And the consequences of negligence go far beyond just unexpectedly massive, reactive expenses.

Ready to assess your current IT spending? Reach out to us today.