Cybersecurity Heads Up NASCIO’s 2025 Top 10 CIO Priorities

The National Association of State Chief Information Officers (NASCIO) unveiled its 2025 State CIO Top 10 Prioritieswhich serves as a road map for government agencies by highlighting the policy and technology areas IT leaders will focus on in the coming year.

After surveying 50 state and territory chief information officers, cybersecurity claimed the top spot as the most critical priority, reprising its position in last year’s survey and emphasizing its importance in an increasingly digitally connected world.

“Cyber has been the [or one of] the top spots for over 12 years now, and I think that shows that cyber is the most integral part of a state CIO office,” Meredith Ward, NASCIO deputy executive director, told Government Technology.

She noted that while cybersecurity tied with digital government services in 2024, this year it stands alone at the top — a testament to its growing significance amid evolving threats. This year, the category also includes risk management at No. 1.

Artificial intelligence surged to the second position from third on last year’s list, to little surprise given its expansive impact in state services, particularly related to generative AI (GenAI). Ward says their organization “has and will continue to see an expansion of GenAI use in states and for many things.” The category also includes machine learning and robotic process automation (RPA).

Digital government and digital services took the third spot on the list — as exemplified in virtually every aspect of government technology today, from greater investments in citizen-centric public service platforms to the close scrutiny of water utility cybersecurity strategies over the past few months.

While many priorities on the list were not unfamiliar, one forged a new path onto the list for 2025. Accessibility debuted in the Top 10 this year for the first time, potentially driven by new compliance requirements.

“I believe this is solely due to the [Department of Justice] DOJ ruling and the impending 2026 and 2027 deadlines for states and localities,” Ward said, noting many states have been following these guidelines for years, but this is the first time widespread penalties will come into play if they’re not followed.

Budget and cost control being added to the priorities list is a bit of a dark horse; this category resurfaces on the list for the first time since 2021. Ward attributed the reappearance to cautious fiscal planning post-pandemic.

“In 2020, states braced for impact and anticipated less revenue because of the pandemic. Turns out the impact wasn’t as great as was anticipated and states were in a good financial position coming out of the pandemic,” she said. “All of this is cyclical and that’s what we are seeing now — states bracing for impact and being cautious to see what fiscal conditions will be next year.”

Another notable change was workforce dropping to ninth place from fifth in 2024. Ward said states are simply shifting strategies, and various aspects are impacting the change.

“States have made some progress in hiring, they are outsourcing functions, and they have dealt with it so long that they know workforce challenges are here to stay,” she said. “In 2025, I see reskilling and upskilling being big. I also expect skills-based hiring to expand.”

Other interesting new developments reflected in the 2025 list are legacy modernization falling one spot to No. 5, and identity and access management and cloud services each climbing up one spot from last year’s list — rising to No. 7 and No. 8 respectively. On an accompanying ranking, however, legacy fared far better. Among 2025 Priority Technologies, Applications and Tools, legacy application modernization/renovation ranked second behind AI/RPA.

The full list of priorities for 2025 is Cybersecurity and Risk Management; Artificial Intelligence, Machine Learning and Robotic Process Automation; Digital Government and Digital Services; Data Management and Analytics; Legacy Modernization; Budget, Cost Control and Fiscal Management; Identity and Access Management; Cloud Services; Workforce; and Accessibility.

Find more information on NASCIO’s CIO priorities at www.nascio.org.