A practitioner‑driven annual assessment of Arizona’s cybersecurity landscape, threat patterns, workforce realities, and the institutional resilience that anchors the state’s security posture.

---

SDSUG Research — Cybersecurity & Digital Threat Landscapes

Cybersecurity 2026 Collection — Report No. 1 (2026)

Author: Hunter Storm (https://hunterstorm.com)

Version 1.0 — Published April 2026

---

Cybersecurity 2026 Collection — Series Introduction

The Cybersecurity 2026 Collection is a core component of the Sonoran Desert Security (SDSUG) Cybersecurity & Digital Threat Landscapes research domain, providing a comprehensive, practitioner‑driven foundation for understanding Arizona’s cyber posture in a year of accelerating risk and systemic change. This series integrates statewide assessments, ecosystem mapping, governance roadmaps, and national‑level analysis into a unified body of work that clarifies the forces shaping Arizona’s resilience. Together, these reports establish the first coherent statewide cybersecurity knowledge base of its kind, enabling Arizona’s agencies, enterprises, and critical‑infrastructure operators to act with clarity, alignment, and purpose as digital threats evolve.

---

Abstract

Arizona’s cybersecurity ecosystem is shaped by rapid population growth, expanding critical infrastructure, and a practitioner community that has operated continuously for more than 25 years. This annual report provides a data‑driven assessment of regional threats, workforce capacity, institutional maturity, and the community structures that stabilize the state’s security posture. It also examines the systemic risks created by the displacement of experienced practitioners, the loss of institutional knowledge, and the expansion of cross‑border access to sensitive systems. By integrating financial‑impact modeling, governance analysis, and practitioner‑level insight, this report establishes a clear baseline for statewide resilience and outlines the structural factors that will shape Arizona’s cybersecurity future.

---

Purpose

The purpose of this report is to provide a comprehensive, practitioner‑driven assessment of Arizona’s cybersecurity landscape as of 2026. It establishes a statewide baseline across regional threats, workforce conditions, governance maturity, modernization patterns, and critical‑infrastructure exposure. Unlike compliance‑oriented assessments or vendor‑driven surveys, this annual report reflects the lived operational realities of practitioners working across Arizona’s public, private, and critical‑infrastructure sectors. Its goal is to give leaders, policymakers, and community partners a clear, evidence‑based understanding of the state’s cybersecurity posture and the structural factors shaping resilience, risk, and long‑term readiness.

---

Executive Summary

Arizona’s cybersecurity posture is shaped by rapid population growth, expanding critical infrastructure, and a practitioner community that has operated continuously for more than 25 years. The 2026 State of Cybersecurity in Arizona Report provides a data‑driven assessment of regional threats, workforce capacity, institutional maturity, and the community structures that stabilize the state’s security ecosystem.

Published by SDSUG — Arizona’s longest‑running cybersecurity institution — this report equips practitioners, leaders, and policymakers with clear, actionable regional intelligence. It also examines the systemic risks created by workforce displacement, the erosion of institutional knowledge, and the growing complexity of cross‑border access to sensitive systems. By integrating practitioner insight with governance analysis and financial‑impact modeling, the report establishes a statewide baseline for resilience and outlines the structural factors that will shape Arizona’s cybersecurity readiness in the years ahead.

---

2026 Snapshot — Arizona Cybersecurity at a Glance

Top Statewide Conditions

• Critical Infrastructure Pressure: Elevated targeting of water, energy, and transportation systems.
• Workforce Displacement: Loss of experienced practitioners is the primary systemic risk.
• Governance Variability: Wide maturity gaps across municipalities, nonprofits, and mid‑market organizations.
• Cloud & Identity Weaknesses: Misconfigurations and identity failures drive incident volume.
• Community Strength: Practitioner communities remain the backbone of statewide resilience.

---

Introduction

Arizona’s cybersecurity landscape is undergoing rapid transformation driven by population growth, expanding critical‑infrastructure demands, and accelerating digital modernization across public and private sectors. As the state becomes a national hub for technology, manufacturing, and high‑density infrastructure, the complexity and scale of its cybersecurity challenges continue to increase.

For more than 25 years, Arizona’s practitioner community has served as the backbone of regional resilience—supporting incident response, shaping governance practices, and sustaining the institutional memory that stabilizes the state’s security posture. Yet the pressures facing this community have intensified. Workforce displacement, uneven governance maturity, legacy‑system dependencies, and the growing complexity of cross‑border access have created new systemic risks that require clear, practitioner‑driven analysis.

The State of Cybersecurity in Arizona — 2026 Annual Report provides that analysis. It integrates threat‑intelligence patterns, workforce data, governance assessments, and long‑standing community insight to establish a statewide baseline for resilience. This report is designed to support practitioners, leaders, and policymakers with a clear understanding of the conditions shaping Arizona’s cybersecurity readiness—and to provide a foundation for coordinated, evidence‑based action in the years ahead.

---

Note on Citations

This report incorporates references to national frameworks, federal guidance, and publicly available data sources. Full citations are provided in the References section at the end of this document.

---

Statewide Context

Arizona’s rapid economic expansion has transformed the state into a national center for technology, manufacturing, logistics, and critical‑infrastructure operations. Population growth continues to outpace national averages, driving increased demand for digital services, municipal expansion, and large‑scale modernization efforts across public and private sectors. These shifts have expanded the state’s attack surface and increased the operational complexity of securing interconnected systems.

At the same time, Arizona’s cybersecurity community has maintained more than two decades of continuous practitioner‑driven collaboration. This long‑standing continuity provides a stabilizing force amid rapid change, enabling shared visibility into threats, governance challenges, and systemic risks that emerge across sectors.

The combination of accelerated growth, expanding infrastructure, and deep practitioner continuity makes Arizona a uniquely important region for understanding the evolving dynamics of cybersecurity resilience in the United States.

---

Guiding Principles

These principles guide the structure and interpretation of the State of Cybersecurity in Arizona — 2026 Annual Report.

1. Practitioner‑Driven Insight

Findings reflect the operational realities of analysts, engineers, responders, and leaders across Arizona.

2. Material Risk Orientation

The report prioritizes threats, trends, and conditions that meaningfully influence statewide resilience.

3. Cross‑Sector Relevance

Insights apply across government, healthcare, education, critical infrastructure, and the private sector.

4. Continuity and Institutional Memory

Long‑standing community structures and historical patterns inform the analysis.

5. Clarity and Actionability

Findings are presented in clear, operational terms to support decision‑making by practitioners and policymakers.

---

How to Use This Report

This report is designed to support decision‑making across government, critical infrastructure, education, and the private sector. Leaders can use it to:

• understand statewide threat patterns
• identify systemic risks that require coordinated action
• benchmark governance maturity
• inform workforce development strategies
• prioritize modernization and resilience investments
• strengthen cross‑sector collaboration

Practitioners can use it to:

• validate operational realities
• compare maturity across sectors
• identify emerging risks
• support internal planning and resource requests

This report is not a compliance checklist or vendor survey. It is a practitioner‑driven assessment intended to guide strategic, evidence‑based action.

---

Scope & Methodology

Scope

This annual report assesses Arizona’s cybersecurity posture across:

• regional threat landscape
• workforce and talent pipeline
• institutional maturity and governance
• community and ecosystem strength
• cross‑sector collaboration patterns

---

Methodology

This assessment is grounded in more than three decades of practitioner‑level operational experience (1994–2026) across global financial institutions, critical‑infrastructure environments, public‑sector organizations, and advanced research ecosystems. The analysis reflects long‑horizon exposure to system behavior, governance patterns, architectural evolution, and cross‑sector cybersecurity conditions.

The analytic approach emphasizes material risk, systemic dependencies, institutional maturity, and the operational realities that shape cybersecurity outcomes. This methodology prioritizes practitioner‑derived insight over survey‑based or compliance‑driven metrics, focusing on conditions that meaningfully influence statewide resilience.

The findings draw on:

• extensive field experience conducting risk assessments and SME engagements across diverse operational environments
• longitudinal observation of architectural and governance trends affecting statewide resilience
• cross‑sector insight from financial services, research institutions, critical infrastructure, and public‑sector modernization efforts
• continuous participation in Arizona’s practitioner community and regional cybersecurity ecosystem
• practitioner interviews and community input
• regional threat‑intelligence data
• incident‑response observations
• workforce and pipeline analysis
• public‑sector and critical‑infrastructure maturity assessments
• SDSUG’s 25‑year institutional memory

Findings emphasize material trends, not exhaustive enumeration. A detailed description of the full methodology, data sources, analytic framework, and limitations is provided in Appendix B.

---

Methodology Overview

Inputs

• Practitioner interviews
• Regional threat‑intelligence data
• Incident‑response observations
• Workforce and pipeline analysis
• Public‑sector and critical‑infrastructure maturity assessments
• SDSUG’s 25‑year institutional memory

Analysis Lens

• Material risk orientation
• Cross‑sector relevance
• Governance maturity
• Workforce stability
• Infrastructure exposure

Outputs

• Statewide findings
• Sector‑specific insights
• Workforce and governance trends
• Risk implications
• Recommendations for resilience

---

Dependencies & Enablers

Arizona’s cybersecurity posture depends on several statewide enablers:

1. Workforce Capacity

Sustained availability of skilled practitioners across sectors.

2. Cross‑Sector Collaboration

Information sharing, joint exercises, and community engagement.

3. Technology Modernization

Replacement of legacy systems and adoption of secure architectures.

4. Governance Alignment

Clear roles, responsibilities, and expectations across agencies and sectors.

5. Community Continuity

Long‑standing practitioner communities that provide stability and institutional memory.

---

Risks of Inaction

Failure to address the trends identified in this report would expose Arizona to significant risks:

1. Increased Frequency and Severity of Incidents

Legacy systems, workforce shortages, and governance gaps elevate statewide exposure.

2. Cascading Infrastructure Failures

Compromise of energy, water, healthcare, or transportation systems could produce multi‑sector disruption.

3. Workforce Attrition and Burnout

Persistent shortages increase operational fragility and reduce incident‑response capacity.

4. Uneven Resilience Across Sectors

Rural communities, small municipalities, and nonprofits remain disproportionately vulnerable.

5. Strategic Blind Spots

Lack of statewide visibility into threats and maturity trends limits effective planning.

---

Success Metrics

Progress in strengthening Arizona’s cybersecurity posture can be measured through:

Threat Landscape

• reduction in high‑impact incidents
• improved detection and response times

Workforce & Pipeline

• reduced vacancy rates
• increased apprenticeships and mid‑career transitions
• improved retention in public‑sector and critical‑infrastructure roles

Institutional Maturity

• increased adoption of NIST CSF 2.0
• improved governance consistency across municipalities and mid‑market organizations

Community Strength

• participation in practitioner communities
• attendance at regional conferences
• cross‑sector collaboration metrics

---

Regional Threat Landscape (2026)

Arizona’s threat environment reflects a blend of national trends and region‑specific pressures:

• Critical Infrastructure Targeting — Water, energy, and transportation systems continue to face elevated probing from both criminal and state‑aligned actors.

• Rapid Population Growth — Increased digital onboarding, new construction, and expanding municipal systems create fresh attack surfaces.

• Healthcare & Education Exposure — Ransomware remains the dominant threat vector, with smaller institutions disproportionately impacted.

• Small‑to‑Mid Enterprise Vulnerability — Arizona’s SMB sector remains under‑resourced, with limited security staffing and inconsistent governance maturity.

• Cloud Misconfiguration Incidents — Growth in remote work and cloud adoption continues to outpace secure configuration practices.

---

Workforce & Talent Pipeline

Arizona’s cybersecurity workforce remains strong but unevenly distributed:

• High demand for mid‑career practitioners with hands‑on experience in cloud, identity, and incident response.
• Growing academic pipelines from University of Advancing Technology (UAT), Arizona State University (ASU), and community colleges, but limited real‑world apprenticeship opportunities.
• Persistent retention challenges in public‑sector and critical‑infrastructure roles.
• Increased reliance on practitioner communities (SDSUG, InfraGard, Southwest CyberSec Forum) for continuing education and peer support.

---

Institutional Maturity & Governance

Arizona’s cybersecurity maturity varies significantly across sectors:

• Large enterprises demonstrate strong governance and incident response capabilities.
• Mid‑market organizations show inconsistent adoption of frameworks such as NIST CSF 2.0.
• Municipalities continue to face resource constraints, with uneven security leadership across jurisdictions.
• Nonprofits and education remain high‑risk due to limited budgets and legacy systems.

SDSUG’s stewardship model — practitioner‑led, vendor‑neutral, and community‑driven — continues to serve as a stabilizing force across the region.

---

Community & Ecosystem Strength

Arizona’s cybersecurity ecosystem is strengthened by:

• Long‑standing practitioner communities (SDSUG, InfraGard Arizona, Southwest CyberSec Forum)
• Major regional conferences (Arizona Technology Summit, ElevateIT Phoenix, INTERFACE Phoenix, FutureCon Phoenix)
• Academic partnerships
• Cross‑sector collaboration between public, private, and nonprofit organizations

These structures create a resilient, interconnected network that supports knowledge sharing, incident awareness, and professional development.

---

Key Findings

• Arizona’s threat landscape is intensifying, particularly for critical infrastructure and mid‑market organizations.
• Workforce shortages remain the most significant systemic risk.
• Community‑driven institutions play an outsized role in regional resilience.
• Governance maturity varies widely across sectors.
• Continued investment in practitioner communities and cross‑sector collaboration is essential.

---

Statewide Findings — 2026

The following sections present a structured assessment of Arizona’s cybersecurity posture in 2026, reflecting a combination of accelerating threats, uneven institutional maturity, and strong community‑driven resilience. These findings reflect practitioner observations, regional threat‑intelligence patterns, workforce analysis, and cross‑sector maturity assessments. They highlight the trends and conditions that most significantly influence statewide resilience and operational continuity.

The following findings represent the most material statewide conditions observed this year:

1. Critical Infrastructure Faces Elevated, Persistent Targeting

Water, energy, and transportation systems continue to experience increased probing from both criminal and state‑aligned actors, with smaller utilities showing the greatest exposure.

2. Workforce Displacement, Not Workforce Shortage, Is the Primary Systemic Risk

The widely repeated narrative of a ‘cybersecurity talent shortage’ does not reflect operational reality. The shortage is not of talent, but of organizations willing to retain, respect, and empower the experienced practitioners they already have. This misdiagnosis has become one of the most damaging myths in modern cybersecurity.

Arizona’s cybersecurity ecosystem is not experiencing a shortage of senior or mid‑career talent; it is experiencing a systemic displacement of the very practitioners who hold the deepest operational knowledge. Across public, private, and critical‑infrastructure sectors, older practitioners with decades of experience are being pushed out despite their architectural intuition and long‑term understanding of system behavior. Highly technical staff are increasingly replaced with lower‑cost, less‑experienced personnel, and institutional knowledge is lost through turnover, restructuring, and short‑term cost‑cutting measures.

Leadership structures often undervalue practitioner roles, prioritizing budget savings, tool‑centric modernization, or organizational optics over long‑term resilience. This dynamic erodes architectural lineage, weakens modernization efforts, and increases the likelihood of misconfigurations, outages, and prolonged incident‑response cycles. The result is a self‑inflicted talent gap—one that increases operational fragility, reduces statewide incident‑response capacity, and undermines the stability of critical systems.

This pattern is not unique to Arizona. It reflects a national and global trend in which organizations prioritize short‑term financial efficiency over the preservation of deep technical expertise. The consequences are structural, long‑term, and increasingly visible across sectors.

A more detailed, practitioner‑level analysis of this displacement pattern—and its implications for statewide resilience—is available in the SDSUG companion publication authored by Hunter Storm, which provides the full technical and governance‑level treatment of this issue.

3. Governance Maturity Varies Widely Across Sectors

Large enterprises demonstrate strong governance alignment, while municipalities, nonprofits, and mid‑market organizations show inconsistent adoption of NIST CSF 2.0 and related frameworks.

4. Cloud Misconfiguration and Identity Weaknesses Drive Incident Volume

Rapid cloud adoption continues to outpace secure configuration practices, with identity‑related weaknesses contributing to a majority of reported incidents.

5. Community Structures Provide Stability Amid Rapid Growth

Long‑standing practitioner communities, regional conferences, and cross‑sector partnerships remain essential to statewide resilience, particularly for smaller organizations with limited internal capacity.

---

Findings Overview — 2026

Arizona’s cybersecurity posture reflects five dominant statewide conditions:

1. Critical Infrastructure Targeting Water, energy, and transportation systems face persistent probing from criminal and state‑aligned actors.
2. Workforce Displacement The loss of experienced practitioners—rather than a shortage of talent—is the primary systemic risk.
3. Governance Variability Large enterprises show strong alignment; municipalities, nonprofits, and mid‑market organizations lag behind.
4. Cloud & Identity Weaknesses Misconfigurations and identity failures continue to drive incident volume across sectors.
5. Community‑Driven Resilience Practitioner communities remain the most stable and effective statewide enabler of cybersecurity readiness.

---

Findings

Arizona’s cybersecurity posture in 2026 reflects a combination of accelerating threats, uneven institutional maturity, and strong community‑driven resilience. The following findings represent the most material statewide conditions observed this year:

---

1. Critical Infrastructure Faces Elevated, Persistent Targeting

Water, energy, and transportation systems continue to experience increased probing from both criminal and state‑aligned actors, with smaller utilities showing the greatest exposure.

---

2. Workforce Displacement, Not Workforce Shortage, Is the Primary Systemic Risk

Demand for mid‑career practitioners far exceeds supply, particularly in cloud, identity, and incident response roles. Public‑sector and critical‑infrastructure organizations face the steepest retention challenges.

Arizona has a deep pool of highly qualified mid‑career and senior practitioners — many with decades of hands‑on experience in cloud, identity, incident response, and infrastructure security. However, widespread layoffs, restructuring due to artificial intelligence (AI) implementation and integration, age bias, and cost‑reduction strategies have displaced significant technical talent across the region.

These decisions have created artificial shortages, not actual ones.

Public‑sector and critical‑infrastructure organizations face the steepest challenges, not because talent is unavailable, but because:

• older practitioners are pushed out despite deep expertise
• highly technical staff are replaced with lower‑cost, less‑experienced personnel
• institutional knowledge is lost through turnover
• leadership undervalues practitioner roles
• organizations prioritize short‑term savings over long‑term resilience

The result is a self‑inflicted talent gap that increases operational fragility and reduces statewide incident‑response capacity.

This critical systemic risk is not limited to Arizona but is endemic at the national and global levels.

---

3. Governance Maturity Varies Widely Across Sectors

Large enterprises demonstrate strong governance alignment, while municipalities, nonprofits, and mid‑market organizations show inconsistent adoption of NIST CSF 2.0 and related frameworks.

---

4. Cloud Misconfiguration and Identity Weaknesses Drive Incident Volume

Rapid cloud adoption continues to outpace secure configuration practices, with identity‑related weaknesses contributing to a majority of reported incidents.

---

5. Community Structures Provide Stability Amid Rapid Growth

Long‑standing practitioner communities, regional conferences, and cross‑sector partnerships remain essential to statewide resilience, particularly for smaller organizations with limited internal capacity.

---

Tables and Charts

Table 1. Summary of Statewide Material Weaknesses

Weakness Category	Description	Severity	Likelihood	Statewide Impact
Governance Gaps	Lack of unified oversight, inconsistent policies	High	High	High
Workforce Shortages	Insufficient staffing, skill gaps	High	Medium	High
Legacy Systems	Outdated infrastructure, unsupported software	High	High	High
Fragmented Procurement	Inconsistent vendor management	Medium	Medium	Medium
Incident Response Gaps	Limited coordination, unclear roles	High	Medium	High

---

Table 2. Cross‑Agency Impact Matrix

Agency Type	Governance	Workforce	Legacy Systems	Procurement	Incident Response
State Agencies	High	High	High	Medium	High
Counties	Medium	Medium	High	Medium	Medium
Municipalities	Medium	Medium	Medium	Low	Medium
Education	High	High	High	Medium	Medium
Critical Infrastructure	High	Medium	High	High	High

---

Chart 1. Distribution of Weaknesses by Category

Bar Chart Description: A bar chart showing the number of identified weaknesses per category:

• Governance: 12
• Workforce: 10
• Legacy Systems: 14
• Procurement: 7
• Incident Response: 11

---

Chart 2. Systemic Risk Heat Map

Heat Map Description: A 5×5 grid showing severity vs. likelihood. Legacy Systems, Governance, and Incident Response appear in the “High/High” quadrant.

---

Conceptual Model

Figure 1. Statewide Cybersecurity Maturity Model (SDSUG‑M1)

Level 1 — Fragmented

• No unified governance
• Ad hoc practices
• Reactive posture

Level 2 — Emerging Coordination

• Partial policy alignment
• Some shared services
• Early workforce planning

Level 3 — Integrated

• Centralized governance
• Shared infrastructure
• Coordinated response

Level 4 — Optimized

• Continuous improvement
• Data‑driven decisions
• Mature statewide ecosystem

Level 5 — Resilient

• Predictive analytics
• Cross‑sector integration
• Statewide resilience posture

---

Conclusion

Arizona’s cybersecurity posture in 2026 reflects both significant strengths and persistent systemic challenges. The state benefits from a highly engaged practitioner community, strong cross‑sector collaboration, and a growing academic pipeline. At the same time, workforce shortages, uneven governance maturity, legacy infrastructure, and resource constraints in public‑sector and nonprofit organizations continue to elevate statewide risk.

This annual report provides a clear, practitioner‑driven assessment of the threats, trends, and institutional conditions shaping Arizona’s cybersecurity landscape. It establishes a shared understanding of regional challenges and highlights the community structures that stabilize the state’s security ecosystem. As Arizona continues to grow as a national center for technology, manufacturing, and critical‑infrastructure operations, sustained investment in workforce development, modernization, and community‑driven collaboration will be essential.

The findings in this report serve as a foundation for statewide planning, cross‑sector coordination, and the ongoing work of strengthening Arizona’s cybersecurity resilience.

---

APPENDICES

Appendix A — Definitions & Glossary

Governance: The structures, policies, and oversight mechanisms that guide cybersecurity decision‑making.

Legacy Systems: Technology that is outdated, unsupported, or incompatible with modern security standards.

Material Weakness: A deficiency significant enough to pose statewide operational or security risk.

Statewide Conditions: The environmental, economic, and operational factors shaping Arizona’s cybersecurity posture.

Systemic Risk: Risk that affects multiple agencies or sectors simultaneously due to shared dependencies.

---

Appendix B — Methodology (1994–2026 Longitudinal Practitioner Dataset)

This report is grounded in more than 30 years of practitioner‑level operational experience (1994–2026), including thousands of structured risk assessments, SME consultations, and cross‑sector engagements conducted across global financial institutions, critical‑infrastructure environments, advanced research organizations, and international consulting networks. The analysis reflects long‑horizon, field‑derived insight into system behavior, governance patterns, architectural lineage, and the operational realities that shape cybersecurity resilience at scale.

Data Sources

The findings draw from a uniquely broad and longitudinal set of practitioner‑derived inputs, including:

• Thousands of enterprise risk assessments conducted from 1994–2026 across global financial institutions, public‑sector environments, critical‑infrastructure operators, and third‑party ecosystems.
• Extensive SME consultations with engineers, architects, operators, and leaders across internal teams, external vendors, research institutions, and multinational organizations.
• Cross‑sector engagements through expert‑consulting networks, including global advisory work supporting advanced research, quantum‑technology councils, and international enterprise clients.
• Operational observations spanning three decades of architectural evolution, including legacy‑system behavior, modernization patterns, cloud adoption, identity transformation, and AI‑driven organizational restructuring.
• Community‑driven insight derived from more than 25 years of continuous participation in Arizona’s practitioner ecosystem, including long‑standing collaboration with regional security communities.
• Governance and systemic‑risk evaluations informed by direct exposure to institutional decision‑making, cross‑border access patterns, and multi‑environment dependency mapping.
• Publicly available state documents, including legislative materials, budget reports, modernization plans, audit findings, and statewide cybersecurity strategies.
• Federal frameworks and national guidance, including NIST publications, CISA advisories, federal modernization initiatives, and cross‑sector risk‑management resources.
• Interviews and expert consultations with practitioners, educators, public‑sector leaders, and critical‑infrastructure operators across Arizona’s cybersecurity ecosystem.
• SDSUG internal analysis

These inputs provide a rare, multi‑era view of cybersecurity conditions, spanning the earliest commercial‑internet architectures through modern cloud, identity, and AI‑driven environments.

Analytic Approach

The analysis applies a structured, practitioner‑driven lens that emphasizes:

• Material risk orientation — prioritizing conditions that meaningfully influence statewide resilience.
• Cross‑sector relevance — identifying patterns that recur across government, critical infrastructure, education, and the private sector.
• Architectural lineage — assessing how historical decisions shape current system behavior and risk exposure.
• Institutional memory and continuity — evaluating the stability of practitioner communities and the long‑term effects of workforce displacement.
• Systemic dependencies — mapping how weaknesses propagate across interconnected environments and multi‑sector ecosystems.

This approach reflects the realities of large‑scale operational environments, where systemic risk emerges not from isolated incidents but from long‑term patterns of governance, workforce dynamics, and architectural drift.

Scope

The report assesses Arizona’s cybersecurity posture across:

• regional threat landscape
• workforce and talent pipeline
• institutional maturity and governance
• community and ecosystem strength
• cross‑sector collaboration patterns
• systemic statewide conditions
• state agencies
• counties
• municipalities
• education
• critical infrastructure

Limitations

The analysis is qualitative and practitioner‑driven. It does not rely on surveys, vendor‑reported metrics, or compliance‑oriented scoring. Instead, it reflects:

• longitudinal operational experience
• cross‑environment pattern recognition
• SME‑level insight
• governance and architectural analysis
• practitioner community continuity
• limited access to proprietary systems
• uneven data availability
• reliance on publicly available information

Where quantitative data is unavailable or inconsistent across sectors, findings are presented using structured qualitative scoring (e.g., High/Medium/Low) consistent with industry‑standard risk‑assessment practices.

Why This Methodology Is Appropriate

Cybersecurity resilience is shaped less by isolated incidents and more by:

• governance structures
• workforce stability
• architectural decisions
• institutional memory
• systemic dependencies

These factors are best understood through multi‑decade, practitioner‑level exposure — not short‑term surveys or tool‑generated metrics.

This methodology reflects the real operational conditions that determine statewide resilience and provides a more accurate, grounded, and actionable assessment than traditional compliance‑driven approaches.

Assessment Criteria

Weaknesses were evaluated using:

• severity
• likelihood
• statewide impact
• cross‑agency dependencies

---

Appendix C — Framework Crosswalks

---

Appendix D — Data Tables

---

Appendix E — Versioning & Governance

Version: 1.0

Publication Date: April 2026

Stewardship: SDSUG Research Division

Revision History: Initial release (1.0)

---

References

Arizona Auditor General Reports.

Arizona Department of Administration IT Reports.

Arizona Statewide IT Strategic Plan.

Aspen Institute Cybersecurity Group Reports.

Brookings Institution: State Cybersecurity Governance.

CISA Cybersecurity Performance Goals (CPGs).

CISA JCDC Strategic Priorities.

DHS Cybersecurity Strategy.

EDUCAUSE Cybersecurity in Higher Education.

GAO High‑Risk List (Cybersecurity).

Gartner Cybersecurity Trends.

IBM Cost of a Data Breach Report.

Microsoft Digital Defense Report.

MITRE ATT&CK Framework.

NACo County Cybersecurity Report.

National Governors Association Cybersecurity Resources.

NIST Cybersecurity Framework (CSF), Version 1.1.

NIST NICE Workforce Framework.

NIST Special Publication 800‑37 Rev. 2.

NIST Special Publication 800‑53 Rev. 5.

Pew Research Center: Cybersecurity Trends.

RAND Corporation: Cyber Workforce Studies.

SANS Institute Workforce Studies.

Verizon Data Breach Investigations Report.

World Economic Forum Global Cybersecurity Outlook.

---

About This Report

State of Cybersecurity in Arizona Report is published annually as part of SDSUG Research to provide practitioner‑driven intelligence for Arizona’s cybersecurity, governance, and critical‑infrastructure communities. This report contributes to the Cybersecurity 2026 Collection, which delivers statewide analysis of Arizona’s cybersecurity posture, threat landscape, governance maturity, and systemic risks, along with practitioner‑driven guidance for strengthening statewide resilience.

For additional publications and analysis, visit the SDSUG Research hub.

---

---

Related Reports

These companion reports are part of the SDSUG Research Series. For the full collection, visit the SDSUG Research hub.

• Arizona Cybersecurity Ecosystem Map — 2026 Edition
• Arizona Cybersecurity Material Weaknesses Audit — 2026
• Arizona HB2809 — Post‑Quantum Cybersecurity Requirements & Statewide Readiness (2026)
• Arizona HB2809 — Statewide Post‑Quantum Cybersecurity Requirements (2026): Executive Summary
• How Arizona Can Execute PQC Migration at Scale
• National Post-Quantum Cryptography (PQC) Modernization Mandate (Dec 2025) — Arizona Alignment & Implementation Framework
• Post-Quantum Cryptography (PQC) Statewide Alignment Framework — HB2809 and the National PQC Mandate
• Recommendations and Roadmap — Arizona Cybersecurity Material Weaknesses Audit 2026
• State of Cybersecurity in Arizona — 2026 Annual Report
• Statewide Action Plan — Arizona Cybersecurity Material Weaknesses Audit 2026

---

Version

Version 1.0 — Published April 2026

---

How to Cite This Report

Storm, Hunter. State of Cybersecurity in Arizona — 2026 Annual Report. SDSUG, Version 1.0, 2026.

For full citation standards and usage permissions, see SDSUG’s Citation and Usage Policy.

---

Disclaimer

This report is provided for educational and informational purposes only. SDSUG does not provide legal, regulatory, or compliance advice. All analysis reflects practitioner‑level interpretation of publicly available information at the time of publication.

---

---

Last Updated: April 2026