Under 4% of US states are fully prepared to detect and recover from election-targeted cybersecurity incidents, according to research by Arctic Wolf.
The survey of state and local government leaders across the US found that 14.3% of states were ‘not at all prepared’ to deal with such incidents, with 42.9% only ‘somewhat prepared’ ahead of the 2024 US election cycle, which includes Presidential and other state and local elections.
Additionally, the research found that 16.1% of cities were not prepared at all, and 41.1% only somewhat prepared for election-based cyber-threats. Just 3.6% of city officials surveyed said that their city was fully prepared to detect and recover from election-targeted cyber incidents.
More than four in five (81.7%) of respondents anticipate that cyber incidents related to the 2024 elections in their jurisdiction will increase or stay the same compared to the 2020 Presidential Election. Only 2.9% believe that cyber incidents will decrease.
Despite these fears, over a third (36%) said their elections team has ‘somewhat’ or ‘very inadequate’ budget to address cyber concerns around the 2024 election cycle.
In addition, nearly a quarter (23.5%) of respondents said their election team does not receive election-specific cybersecurity awareness training, while 25.7% do not know whether such training is provided.
AI Exacerbating Election Cyber Threats
The top two election cybersecurity threats identified were disinformation campaigns (50.7%) and phishing attacks targeting election officials or staff (47.1%).
The researchers noted that the rise in AI technologies, particularly large language models (LLMs) like ChatGPT and deepfakes, are expected to be used by threat actorsto develop more sophisticated disinformation and phishing campaigns in this year’s election cycle.
AI algorithms can now be trained to analyze vast amounts of data, identify trends, and mimic human behavior on social media platforms, the researchers noted.
“By deploying AI-driven bots or deepfake technologies, malicious actors can flood online spaces with misleading narratives, fabricated stories, and manipulated media,” they added.
Additionally, the researchers said that AI-powered phishing attacks “can now craft hyper-personalized and convincing messages tailored to exploit the psychological vulnerabilities of individuals.”
Other prominent cybersecurity concerns expressed by the respondents were hacking attempts in the election process, websites or systems (45.6%), ransomware on election infrastructure (28.7%), technical glitches or failures (25%) and manipulation of election results or voter rolls (16.9%).
Who Will be Targeting the US Elections
While Russia was heavily linked to interference in the US 2020 elections, government officials ranked it behind China (30.1%) and internally in the US (19.9%) among the regions most likely to target the 2024 US election cycle through cyber-attacks.
The researchers said that “extreme partisanship” in the two-party electoral system in the US has increased concerns among election leaders that domestic groups with varying political motivations could target the elections through cyber campaigns.
“As the 2024 US elections approach, the fusion of foreign and domestic threats underscores the need for state and local governments to have a comprehensive cybersecurity strategy that includes heightened awareness, collaboration, and resilience from both sides of its borders,” they wrote.