In 2022, I wrote an article explaining, HB 7055, which was new cybersecurity legislation passed that year.
The law’s goal was to drive local governments to improve their cybersecurity posture and stop them from paying ransoms to resolve a ransomware attack. In order to help cities and counties comply with the new law, the legislature introduced a sizeable grant program to be administered by Florida Digital Service (FLDS), a division of the Florida Department of Managed Services (DMS). Designed to provide critical capabilities to secure data and infrastructure, the program is the first of its kind in the United States.
Florida set aside $30 million in the first year ― less than 1/1000 of the state’s total budget ― to provide local government entities with cybersecurity services and software that the state purchased at highly discounted rates. By consolidating the purchases across a pool of vendors, local governments are getting about ten times the cybersecurity capabilities for the investment made. In other words, for a $20,000, investment, which could otherwise purchase nothing meaningful, the local government entity received about $200,000 worth of software and services. That is enough to provide impactful protection for smaller entities.
Due to the immediate success of the grant program, the Florida legislature increased the allocation to $40 million for the 2024–2025 fiscal year.
According to the Florida Local Government Information Systems Association (FLGISA), more than 200 local governments in Florida, ranging vastly in size and complexity, have taken advantage of the program so far. They are far more secure today than they were prior to this program. Most of the capabilities purchased through the program are not one-time costs but rather recurring, annual expenses. Local governments are expected to move away from grant funding over time and begin to fund their own cyber capabilities.
Rob Beach, Chief Technology Officer for the City of Cocoa and FLGISA President explains: “The state has a vested interest in this program as well. Local governments at many levels connect to state networks, applications, databases and systems. As such, a breach at the local level can easily spread to the state with devastating and costly consequences.”
“As an added bonus, the local governments participating in the grant program now share telemetry and threat intelligence with the State’s security operations center, helping make the entire state more secure,” Beach added.
Hackers look for the easiest point of entry on a network and then move across it laterally to gain access to their desired target. That’s why the State of Florida must continue to partner with local governments to ensure their cyber readiness.
The 2022 legislation also required local governments to adopt a standard cybersecurity framework, such as those developed by the National Association of Standards and Technology (NIST) or the Center for Internet Security (CIS). These frameworks provide an objective measure of cyber readiness across all state and local governments and define stages of maturity. The frameworks establish a starting point and encourage growth toward a more mature, robust cyber posture.
Finally, the 2022 law established timely reporting requirements so the state is aware of any incidents and/or breaches that occur. This is important to mitigate damage and minimize cost from an attack. The state can intervene or assist, if needed.
How do we know the program is working? There are several vendors that provide capabilities through the grant program, and data points they have shared speak to the program’s success. Reliaquest, for example, provides sophisticated monitoring services for state agencies and local governments in Florida. In the past year, specifically among local government customers, they detected over 6,000 potential threats and blocked around 800 attacks that were confirmed to be malicious.
Armis, another vendor that participates in the grant program, secures critical infrastructure by identifying, monitoring and securing unmanaged devices. Their platform secures, in addition to IT devices, Internet of Things (IoT) devices, such as video cameras and televisions, and Operational Technology (OT), such as those used in manufacturing and water management systems. These devices are often overlooked and provide easy access to government networks. According to a spokesperson from Armis, “A single statewide threat hunt completed by their platform took under an hour and prevented an estimated $210 to $450 million in potential damages across fifteen state and local government entities.”
Just last week, the city of St. Paul, Minnesota just suffered a serious cyber attack, which is expected to cost the city millions of dollars. According to a 2022 study by cyber vendor, KnowBe4, ransomware alone cost state and local governments $18.9 billion in downtime and recovery costs in 2020. Cities that have suffered attacks in recent years report costs as much as $18 million to recover from a single attack. Given the numbers reported, it’s easy to calculate the enormous value of this program to Florida taxpayers.
The grant program has been funded through the state’s general revenue, leaving it particularly vulnerable to cuts. Unfortunately, in the 2025–2026 budget, which just went into effect on July 1, 2025, the cybersecurity grant program suffered a significant reduction and was funded at only $15 million. An additional $2 million rolled over from the prior year, bring the total to $17 million available for the fiscal year.
As one of the few members of the legislature that has a cybersecurity background, I am committed to finding a more secure and predictable way to fund the grant program in future budget cycles until our local governments are self-sufficient.
Few government programs have been this successful and returned so much value to taxpayers. I applaud the legislators, such as Mike Giallombardo, who sponsored the 2022 legislation, current and past technology leaders in the Florida Digital Service for their innovation, and groups like FLGISA that drove adoption in our local governments.
Monique Miller is CEO of Fortify Cyber AI and a State Representative for District 33, which covers parts of Brevard County.
