Donate
Article

Strengthening your court's response to a cyberattack with planning, training & practice

Group photo of participants at cybersecurity training

Background

A 2021 survey by NCSC revealed a notable increase in the number of courts experiencing disruptive cyber incidents, nearly doubling from 18% to 33% over four years. 

The Center for Internet Security (CIS) reported a 148% increase in malware attacks targeting state and local governments, including courts, in the first eight months of 2023.

This trend continues with recent cyber incidents occurring in courts in Colorado, Florida, Georgia, Mississippi, Missouri, Ohio, and Pennsylvania.

So how do we reverse the trend or better prepare to respond if an attack occurs ?

Building effective response teams

Cybersecurity and disaster recovery training, including practice with tabletop exercises, can strengthen your court's defense against attacks by building resiliency and developing recovery strategies. Preparation is a team effort built on partnerships across court leadership, IT, and outside providers. Engaging key court personnel in training deepens the interdepartmental relationships needed to effectively respond to a cyber event.

Court cybersecurity response teams may include:

  • A leading judicial officer
  • A leading administrator
  • CIO/CTO/CISO staff
  • Public information officer or communications manager
  • Emergency operations manager

Finding the right training for your court

Training helps courts identify key components of a cybersecurity and disaster recovery response and reveal blind spots and vulnerabilities that need to be addressed. 

Working with CIS, National Emergency Management Association, Joint Technology Committee and Court Information Technology Officers Consortium, we've launched a series of regional workshops made possible by a grant from the State Justice Institute. Past events took place in the West, Mid-Atlantic, and South. Future dates are in the Midwest in September 2025 and New England in April 2026. 

These workshops feature a comprehensive four-week training program that follows a three-part format: 

  1. Online educational sessions
  2. Self-paced information gathering and preparation
  3. In-person tabletop exercises with peers and experts

Courts unable to participate in the regional workshops can look to other training opportunities including tabletop exercises, in-person or online instruction, or our workshop workbook to get started. Our team can also develop custom courses to suit your needs, 

Looking ahead

It's never too early to prepare for the unexpected. With proper planning, training and following best practices, your court can build resilience against a cyberattack. 

Additional resources

Key elements of continuity planning

Continuity planning (COOP) helps ensure the continuation of critical court functions during a wide range of emergencies. Planning helps courts choose the right people to respond and how to best prioritize resources and focus following an emergency or threat.

Leadership & collaboration

Having the support of the presiding or chief judge and court administrator is critical. A comprehensive COOP planning team can assist with delegation of authority and establishing outside relationships.

Essential functions

Determine which critical activities are directly related to the court's mission. This limited set of court functions should be continued throughout the event, or resumed soon after, to avoid unnecessary disruptions.

Business process analysis

This analysis helps courts identify essential functions, recovery time objective, department/person responsible, key staff, resource needs, and other important aspects related to your response.

Our experts

Ready to get started?

Our team can help you identify the best training opportunities for your court and provide additional details about our upcoming regional workshops. 

Contact us today

Explore more

Guide

Cybersecurity basics for courts

The Joint Technology Committee has produced a guide to help court administrators, IT leaders, judges, legal teams and staff to establish cybersecurity measures including incident response teams, regular risk assessments, clear communication strategies and maintenance of public trust, in order to guard against a growing threat of cybercrimes such as ransomware, malware, phishing and insider threats.

Court cybersecurity

NCSC offers expert guidance and solutions, like risk assessments and policy frameworks, to help safeguard court systems from cybersecurity threats.