North Carolina is making the biggest cybersecurity investment in state history, according to a North Carolina Department of Information Technology (NCDIT) spokesperson, with $60 million set aside to secure state systems.
The newly approved state budget includes $18 million in recurring funding and another $42 million in one-time funding for cybersecurity. It also provides $25 million in non-recurring funding to modernize data management systems and $3.8 million for the North Carolina Health Information Exchange Authority.
But two words carry a lot of weight in North Carolina’s new budget: recurring and non-recurring. One keeps the lights on for the state’s long-term cyber program. The other tackles more urgent technology upgrades.
“The recurring funds will support maturing the cybersecurity program and ensuring a whole-of-state approach to securing the state’s data and systems,” the spokesperson said. “The non-recurring funds will support immediate upgrades, modernization, and risk-reduction efforts across state systems.”
The distinction matters because resilience isn’t built with one-time investments alone. As the agency put it, these are not “one-off needs” and say “we [the state] need a stronger overall infrastructure.” The added cybersecurity funding provides that continuity, reducing North Carolina’s dependence on temporary funding sources and creating “a more stable foundation for core cybersecurity operations,” according to the NCDIT representative.
But when will the actual funding arrive? The agency confirmed that the funding will not be distributed immediately. The state must first complete its budget certification process before agencies begin receiving money. From there, projects will be rolled out in phases based on North Carolina’s strategic cybersecurity plan, which was published in October and is now being reviewed. Once that review is complete, state officials will identify projects that align with the plan’s goals and applicable delivery timelines.
Those projects, however, will require not just dollars and technology, but a workforce equipped to put the investments into action.
Asked whether the additional funding would help address staffing needs — amid nationwide cyber workforce shortages — the spokesperson said the investment will support ongoing training and talent development to strengthen the expertise of existing cybersecurity workers.
The overarching goal for the entire funding package, the agency said, is to create a stronger digital backbone capable of adaptation.
“The investment gives North Carolina a stronger foundation for protecting state data, reducing risk, modernizing core systems, and delivering more reliable digital services,” the spokesperson said. “It positions the state to be more resilient, more prepared, and better able to meet the expectations of residents, businesses, and agencies.”
