ICYMI: NASCIO’s 2025 Midyear Conference Rundown

The 2025 National Association of State Chief Information Officers (NASCIO) Midyear Conference took place in Philadelphia, PA where state technology leaders shared insights into their top technology priorities for this year. Some of the key focus areas included AI with emphasis on generative AI, data management, governance and quality and cybersecurity and risk management.

Artificial Intelligence

This year, new technology investments will require creativity, innovation and a delicate balance of cost savings and the need to support citizen services through modernization and efficiency.

AI, driven largely by GenAI, took the number two spot on NASCIO’s top ten technology priorities list this year, highlighting the tremendous influence and role that AI is playing in the SLED technology space. AI has been transformative to government operations across all vertical, whether that’s public safety, health and human services or education.

Over the last few years, there has been a significant rise in AI-related legislation at the state level. There have been nearly 550 AI-related bills introduced in the 2025 legislative session so far; this spans the gamut of legislative action categories, including topics such as consumer protections and safety, regulations around high-risk systems, AI’s role in election security or the concern over deep fakes. This year, there are also a lot of protectionist bills being introduced, as well as various interest groups and lobbyists seeking prevention of GenAI use in some capacities. 

The state of Texas, for example, introduced the Texas Responsible Artificial Intelligence Governance Act which takes into account the issue of algorithmic discrimination and establishes a regulatory sandbox for AI testing.

At the federal level, through various new policies and EOs, the Trump administration has signified continuing efforts to dominate AI global competition with promises to help build AI data centers and other AI-related infrastructure.

On April 23rd, President Trump released a new EO directing the integration of AI into K-12 schools in an effort to provide the future U.S. workforce with the necessary skills to further the technology’s innovation capabilities.  This EO establishes a White House Task Force on AI Education which will be directed to establish public-private partnerships to provide resources for K-12 AI education which the White House said would also aim to equip students with better AI tools.

When it comes to generative AI, quite a few states are still at a relatively similar maturity spot. State technology leaders are focusing on establishing the appropriate policies and frameworks, studying potential implications of implementation through use cases and encouraging a culture of open and honest discussion amongst stakeholders. Considerations around risk evaluation, procurements and contracts, workforce and equity and accessibility are also top of mind.

The state of Kentucky, for example, is still in an exploratory phase with AI, whereby the state’s current focus is on the establishment of sound governance and policy.

California, on the other hand, introduced a challenge-based procurement highlighting proofs of concept and use cases around state employee functions such as records digitization and policy review. California leaders are looking to utilize AI to enhance citizen service delivery while ensuring that its implementation provides value to the state while minimizing overall costs. California state technology leaders are also considering the role that AI plays throughout the state’s broader service delivery and equity goals.

When it comes to agency-specific AI projects, the California Department of Transportation (CDOT) is hoping generative AI can optimize traffic with the goal of eliminating traffic fatalities by 2050. CDOT plans to use AI to analyze crash data to proactively identify roadways that need safety enhancements and prioritize those roadways in the state’s budget allocations.

Florida is another state that has been able to harness the power of AI within its Department of Children and Families (DCF) to assist in its grant writing process related to opioids. The state has been able to successfully reduce the typical four-week grant writing process down to two days.

Illinois has also identified various applications for AI that can help create more efficiencies within its health and human services sector, including policy bots for child welfare, intelligent document processing and reducing time spent on case note population.

Overall, state technology leaders expressed optimism towards generative AI’s adoption and use, while recognizing the need to be cautious and understanding that AI is not a panacea for all. AI has the potential to drive innovation and progress for SLED entities, and this will be reflected in future procurements and acquisitions. 

IT companies should continue to stay abreast of developing regulations and policies governing AI and its usage, with the understanding that security, privacy, equity and accessibility and data governance will be top priority. For IT companies in the security and/or privacy space, state and local government customers will be looking to bake in stringent security and privacy measures throughout all layers of AI’s execution. This “secure by design” approach will require the protection of all AI systems and critical infrastructure from cyber threats. Secure and resilient AI software development and implementation will require software vulnerabilities to be addressed, and AI manufacturers will need to prioritize security throughout the product’s entire lifecycle.

Data Management, Accessibility and Governance

The rapid advancement and adoption of generative AI has posed concerns around data management, governance and quality, with many state leaders in agreement that current data management and quality standards are not up to par with the requirements generated by innovative technologies such as AI. In a recent NASCIO survey on data management, 96 percent of survey respondents stated that the increased adoption of generative AI is driving the need for better data management. When it comes to data quality, 73% of state technology organizations reported the absence of data quality programs.

In 2025, states recognize the integral role of data quality, management, and accessibility in everyday operations. Show your customer how easy it is to integrate your solution within their existing data infrastructure; how compatible it is. To tackle challenges around data management and data quality, use this opportunity in the near-term to partner with state and local agencies to alleviate some of their concerns, allowing them to become more innovative in future adoption of emerging technologies.

Cybersecurity and Risk Management

Unsurprisingly, cybersecurity is still top of mind for state CIOs and will continue to drive purchasing decisions for state and local government end users. Cybersecurity threats continue to pose risk to our nation’s infrastructure and bad actors are only becoming more sophisticated as they continue to gain access to emerging technologies such as AI. State governments are also facing a growing threat of fraud, especially within benefits systems such as unemployment insurance, which is leading to significant financial losses.

During one of NASCIO’s midyear conference breakout sessions, the state of Massachusetts highlighted some alarming statistics around cybersecurity metrics and AI-enhanced threats. For instance, a recent report suggests that by 2026, it is projected that a threat actor will be able to exploit a vulnerability in under 60 minutes, a dramatic change from the 9 days originally identified in 2021-2022. Furthermore, the speed at which ransomware can be built is projected to increase to 15 minutes by 2026, compared to 12 hours in 2021-2022.

To address these and other security challenges, Massachusetts’ key initiatives include a focus on application modernization, regular updates and patching to ensure critical vulnerabilities are addressed, ubiquitous MFA implementation, centralized identity management supported by a robust and AI-enhanced identity verification solution, the elimination of legacy business processes and mandated employee security awareness training. The state also has monthly phishing testing, with modernized training aimed at addressing the current 2% employee failure rate. Through these efforts, Massachusetts was able to reach its statewide goal of reducing critical vulnerabilities by 50% and increasing velocity of vulnerability mitigation by 300%.

As we round out FY25, technology companies will continue to see demand for tools and solutions that can help shore up their cybersecurity posture such as software and firewall protections, securing a reliable backup system, cyber training for staff and testing for vulnerabilities, systemwide multi-factor authentication, continuous security monitoring, encryption and cloud backup processes. State leaders also cautioned against pitching tools or solutions without disclosing information about the origin of their data.

To get more TD SYNNEX Public Sector Market Insight content, please visit our Market Intelligence microsite.
 

About the Author: Yvonne Maffia is the senior analyst covering state, local and education markets. She applies insights and analysis to purchasing trends to help vendors and partners shorten their sales cycles. Prior to joining TD SYNNEX Public Sector, Yvonne spent 8 years working in state and local government, where she oversaw advisory boards across the State of Florida and served as an analyst to a local politician. Yvonne currently lives in Washington, DC.

 

>