Local Government Cybersecurity: A Theoretical Model

Laura Mateczun, JD, MPS, PhD

12-1 ET Friday, Feb. 6, 2026, online via WebEx

Local governments in the United States face growing cybersecurity threats but often operate with limited resources, inconsistent policy implementation, and varied technical capacities. Despite increasing attention to cybersecurity in the public sector, few empirical studies have examined the underlying relationships that shape cybersecurity management at the local level. This research addresses that gap by using Exploratory Factor Analysis (EFA) and Confirmatory Factor Analysis (CFA) to identify and validate latent factors that characterize cybersecurity practices among local governments.

Drawing on survey data collected in 2016 and 2022, this study empirically validates a six-factor model encompassing Training, Policies, Actions, Awareness, Support, and Tools. The findings suggest that cybersecurity readiness in local governments is best understood as a multi-dimensional construct driven by governance, including organizational behavior and leadership engagement, rather than by technology alone. Strong factor structures for training, awareness, and support highlight the central role of human-centered factors, while weaker results for the tools factor suggest variability in technical implementation and maturity.

The findings have theoretical and practical implications. Theoretically, this research advances the emerging field of local government cybersecurity management by providing a validated model structure. Practically, it identifies specific areas for improvement, including the need for more targeted and recurring training, stronger alignment between specific cybersecurity actions and policy development, more consistent adoption of tools, and greater cross-departmental collaboration. The research also addresses limitations related to sampling, model modifications, and non-longitudinal design, and proposes directions for future research, including structural equation modeling and longitudinal studies, to refine further the theory of cybersecurity management among local governments.

Laura Mateczun is the associate director of Digital Trust and assistant director of the UMBC Cybersecurity Institute at UMBC, where she also serves as a visiting assistant teaching professor in the Department of Computer Science and Electrical Engineering. She is also the director of UMBC's Cybersecurity Clinic, which connects students with opportunities to support public organizations across Maryland in addressing real-world cybersecurity challenges. In 2025, she earned the PhD in public policy at UMBC working under Dr. Lauren Hamilton-Edwards.

Support for this event was provided in part by the National Science Foundation under SFS grants DGE-1753681 and 2438185. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm.  All meetings are open to the public.