County Magazine

Cyberattacks against Texas counties are no longer rare disruptions — they’re a constant, evolving threat that targets every corner of local government. And the data shows the problem is getting worse. In 2024, the FBI received 859,532 internet crime complaints, representing $16.6 billion in losses nationwide — a 33% increase from the year before.

Counties feel that pressure acutely. Local governments ranked third among all sectors for ransomware breaches in 2024, and public-sector ransomware remains one of the most financially damaging cybercrimes. For counties, even a single breach can disrupt essential services, delay court proceedings, expose confidential resident data, and erode public trust.

The threat landscape for Texas counties

Texas counties are prime targets for several reasons: They manage sensitive data, run large networks with many access points, and often lack the full staff or budget of larger government agencies. In fact, more than 70% of local governments in Texas report being under-resourced in cybersecurity staffing and tools, according to a 2020 Texas Department of Information Resources cybersecurity report.

The results show up in the numbers. From 2020 to the present, TAC Risk Management Pool cyber claims have risen significantly, peaking in 2024 and were on track to eclipse that mark as 2025 came to a close. A staggering 85% of cyber claims were business email compromise, 7% were ransomware, and the remaining claims involved theft of funds or malware in some combination.

Phishing attempts, which seek to elicit user credentials and other actionable information through email and other messaging, continue to be one of the most damaging threats, accounting for 193,407 complaints nationally — the highest single category in 2024.

The state’s own incidents underscore the stakes: Recent breaches have hit agencies and counties alike, such as the Wichita County breach exposing 47,000 Social Security numbers, the Texas Department of Transportation leak of 300,000 crash reports, and a series of county infrastructure compromises.

Where counties have the most gaps

Across TAC’s claims data and statewide reports, the same vulnerabilities appear again and again. Common gaps include a lack of phish-resistant multifactor authentication, use of insecure or free email services, weak or missing cybersecurity policies, no endpoint detection and response (EDR) software on all county devices, and limited visibility into network activity.

Counties often face these issues simply because they don’t have the personnel to manage rapidly evolving threats. As Matt Bruns, Senior Security Analyst at TAC, said, most people would be surprised about how much ongoing scanning and attacking happens all the time. Even small counties with only a handful of public-facing servers receive probing from automated bots and sophisticated criminal groups.

He also noted that the main entry point — year after year — remains the same: people clicking a malicious link. Reducing the number of clicks reduces the number of instances drastically, Bruns said.

The state’s biggest new resource: RSOCs

One of the most significant developments for county cybersecurity in recent years is the expansion of Regional Security Operations Centers (RSOCs). These centers — housed at The University of Texas at Austin, Angelo State University and UT Rio Grande Valley — are state-funded, available at no cost, and designed specifically to protect local governments. They provide 24/7 monitoring, leak alerts, scans for risky internet-facing systems, AI-driven email threat protection and more.

They also partner directly with county IT staffers or vendors rather than replacing them, acting as a “force multiplier.” ’

And counties are using them on some level: As of July 2025, 185 Texas counties and cities had received 999 threat reports, with services uncovering compromised credentials, system vulnerabilities and active compromises.

A stronger defense starts with prepared people

Counties can’t prevent every attack, but preparation makes all the difference. Tabletop exercises like the annual incident simulation TAC conducts internally help staffers rehearse what they would do during a real breach. These exercises force teams to think beyond technical fixes, including how to communicate with employees, members and the media when systems are down.

Whether counties rely on the TAC Risk Management Pool, TAC’s County Information Resources Agency, RSOCs, internal IT teams or a combination of all four, one thing is clear: Cybersecurity is no longer an add-on. It’s core to delivering uninterrupted county services, securing data, and protecting every resident who relies on them.