Cybersecurity — a leadership readiness opportunity

Florida has earned a national reputation for preparedness. When hurricanes approach, our leaders mobilize quickly, coordinating emergency operations, issuing clear guidance, and protecting critical services. But there is a different threat accelerating across the state that demands the same level of readiness: cyberattacks.

Experts warn that in today’s highly connected world, cyberattacks are inevitable. As such, they encourage leaders to prepare themselves and their companies for WHEN, not IF an attack occurs.

As Floridians have done for decades when it comes to hurricanes, the key to preparedness is to better address and understand the underlying issues. This is why it’s crucial that elected leaders and municipalities learn about the cybersecurity issues that will inevitably affect their workplaces and communities.

One example of how cyber incidents can disrupt everyday life is the scam text campaign sent to SunPass users. This scam involved sending fake text messages to thousands of SunPass users, fraudulently claiming they had an outstanding balance on their account. The text message included links to fake websites designed to steal personal and financial information.

Cyber-attacks like these are a reminder that such incidents disrupt daily life and expose residents and institutions to enormous legal, financial, and operational risks.

Here’s the uncomfortable truth: the biggest vulnerability in a cyber crisis is rarely a piece of software. It’s leadership, operations, and readiness.

When systems go down, it’s not just an IT problem. Courts still need to function. Utilities and public safety services must remain operational. Citizens still need access to benefits, healthcare, and critical information. And public trust, which is hard won and easily lost, must be protected. In moments like these, the most consequential decisions are made in conference rooms by executives, agency heads, and elected officials who must weigh public communication, continuity of operations, legal exposure, and recovery strategy in real time.

This is why Florida’s most effective cyber defense cannot be limited to technical fixes alone. Cyber resilience is fundamentally a governance issue and an essential part of the continuity of essential government services.

To Florida’s credit, state leaders have begun acting with urgency. In 2023, Florida adopted Statute Section 282.3185 and committed significant resources to ensure public-sector leaders are prepared. However, funding is only part of the solution. Cybersecurity awareness and preparedness depend on whether leaders show up, learn the playbook, and build the muscle memory to respond under pressure.

That’s why executive-focused training matters, especially for decision-makers without a technical background. Through FIU’s Jack D. Gordon Institute for Public Policy, Florida offers a groundbreaking, state-funded cybersecurity training program designed specifically for this cohort. Intentionally non-technical, this program trains leaders to make the decisions they must before, during, and after a cyber incident.

Of the three universities selected to deliver this training statewide, FIU has emerged as one of the state’s strongest partners and the only university offering a robust, in-person executive training program, which is shared with other state and local colleges. Additionally, the program’s virtual platform offers a wide range of topics, including third-party vendor management, risk management, security governance and policies, cybersecurity leadership for critical infrastructure, and more.

What sets FIU apart is not just scale: it‘s intentional design.

One of the most important design choices is that no IT experience is required. As Senator Anitere Flores, Associate Director for Cybersecurity Leadership & Strategy at the Gordon Institute, put it: “The best aspect of our program is that no IT or cybersecurity experience is required. We emphasize that every executive, manager, and employee has a role to play in preventing cybercrime.” That emphasis matters because cyber incidents are rarely confined to technology teams. They trigger cascading impacts: operational paralysis, reputational damage, legal exposure, and service disruption, exactly the kind of cross-functional crisis where leadership coordination is the difference between containment and chaos.

And this training program is not theoretical. Leaders who complete the training describe the impact in practical terms. Sen. Ana Maria Rodriguez, an FIU alum representing Florida’s 40th District, shared: “This training really changed the way I think about cybersecurity risks. The hands-on approach provided me with practical knowledge I could immediately apply to protect the community that I serve.” That kind of shift, from abstract awareness to decision-ready confidence, is exactly what Florida leaders and elected officials need to prepare for cyber threats.

The momentum is already noteworthy. Since launching in 2023, FIU has facilitated training for nearly 8,000 public-sector executives, reaching leadership in all 67 counties in recent months and engaging agencies that span Florida’s operational backbone. FIU also reached a milestone by training leaders from the Seminole Tribe of Florida, extending the state-funded leadership effort to tribal governance. Those milestones point to a larger lesson: preparedness becomes real when it is accessible, practical, and built for the people who actually drive response and recovery.

Still, Florida cannot afford complacency. A cyber crisis is not only a technical disruption, but also a leadership test. In moments when budgets are tight and agencies are stretched, the temptation will be to treat executive readiness as a “nice to have.” It is not. Leadership training is one of the highest-return investments in resilience because it reduces confusion, accelerates decision-making, and improves coordination when every minute matters.

If Florida wants to remain a model for preparedness, we should treat cyber resilience with the same seriousness we bring to hurricanes: train leaders, rehearse decision pathways, and embed readiness as a core responsibility of governance. Citizens deserve a public sector that can continue operating through a digital crisis, delivering services, maintaining public safety, and preserving trust.

The question is no longer whether cyberattacks will happen. The answer depends on whether Florida’s leaders will be ready to govern decisively through them.

FIU’s program reinforces this reality, framing cybersecurity as a core leadership responsibility, not a back-office IT issue.

In an era defined by digital risk, FIU is not simply teaching cybersecurity; it is helping support the leaders responsible for protecting Florida’s future.

___

Mike Asencio is Director of the Cyber Policy Program at the Jack D. Gordon Institute for Public Policy at Florida International University.