There appears to be gaps in the California Department of Technology's knowledge about the state's overall security status.
The state auditor's office recommends the CDT increase capacity to conduct timely compliance audits, which are one of the primary tools to evaluate information security and entities under the Governor's direct authority. State auditors claim they can't confirm whether agencies are remaining under compliance with up to date information on security standards, with growing cyberattacks affecting the California agencies more frequently during the pandemic. Schools reportedly have had administrative systems hacked, while some medical centers have experienced ransomware attacks that affected employee payroll.
In the last decade, California state auditors have issued six high-risk audits of the CDT, have been been concerned about the growing susceptibility to cyberattacks within the state. The department has commented that the audit contains “misleading” data and “factual inaccuracies.”