Key Takeaways
- The average data‑breach cost for U.S. organizations in 2025 is $10.22 million; 34 % of Alabama’s local agencies have suffered ransomware attacks.
- Alabama’s typical municipal IT division employs only 2.2 people, leaving communities vulnerable to prolonged disruptions of water, utilities, communications, and public safety.
- The Alabama Cybersecurity Intelligence Center (ACIC), a partnership between the Alabama Office of Information Technology (AOIT) and the McCrary Institute, delivers McCrary Secure – a suite of no‑cost cyber‑hygiene, penetration testing, incident‑response planning, and 24/7 monitoring services funded by the $19 million State and Local Cybersecurity Grant Program (SLCGP).
- McCrary Secure helps localities like Calera identify weaknesses, prioritize fixes, and build proactive defenses while serving as a workforce‑development pipeline that gives students hands‑on experience with industry tools such as Splunk and CrowdStrike.
- Continuous monitoring powered by Security Orchestration, Automation and Response (SOAR) enables rapid containment of threats, often before local staff can respond, and tabletop exercises prepare leaders for worst‑case scenarios.
The Growing Cyber Threat to Alabama’s Local Governments
In 2025, the average cost of a data breach for U.S. organizations reached $10.22 million, according to IBM, and ransomware struck 34 % of Alabama’s local agencies—including city halls, fire stations, hospitals, and schools. These incidents can cripple essential services: water systems go offline, utility billing stops, communications falter, and public safety is jeopardized, creating what experts describe as “a city’s worst day.”
Limited IT Resources Amplify Risk
Despite the high stakes, the average information‑technology division in Alabama employs just 2.2 people. Such thin staffing makes it nearly impossible for municipalities to maintain round‑the‑clock vigilance, patch vulnerabilities, or respond swiftly when attackers infiltrate networks. A successful cyberattack can therefore shut down the systems a community depends on for days or weeks.
Introducing the Alabama Cybersecurity Intelligence Center
To address this gap, the Alabama Cybersecurity Intelligence Center (ACIC) was created as a joint initiative of the Alabama Office of Information Technology (AOIT) and the McCrary Institute. ACIC’s mission is to provide local governments with real‑world cybersecurity expertise, tools, and support that would otherwise be out of reach due to budget or staffing constraints.
What McCrary Secure Offers
Through ACIC, the McCrary Secure program delivers a bundle of fundamental, rapidly deployable services: basic cyber hygiene, multi‑factor authentication, penetration testing, incident‑response planning, and continuous monitoring of every device on a municipal network. These services are designed to show local leaders exactly how an attacker could break in and where defenses need strengthening.
Funding the Initiative
McCrary Secure is made possible by the State and Local Cybersecurity Grant Program (SLCGP), a $19 million, five‑year federal investment authorized under the Infrastructure Investment and Jobs Act. The grant covers the cost of high‑value activities such as penetration testing and 24/7 monitoring, allowing participating jurisdictions to receive protection at no direct expense.
Leadership Endorses the No‑Cost Protection Model
Nick Sellers, chief operating officer of the McCrary Institute, emphasized the program’s accessibility: “We’re giving local communities in Alabama a fighting chance… It’s a no‑risk means to make your community safer. That’s what land‑grant institutions do.” His remarks underscore the commitment to equip even the smallest towns with enterprise‑grade defenses.
Calera’s Experience: A Concrete Example
Calera, a growing city in southern Shelby County, faced budget limits, staffing shortages, and aging technology that hindered its ability to spot vulnerabilities. After enrolling in McCrary Secure, city leaders reported a clearer view of their risk landscape and a prioritized roadmap for improvement.
Voices from the Field
James Fuller, Calera’s chief information officer, praised the partnership: “What impressed me most is that this wasn’t just about receiving equipment or services; it was about gaining a true partner in cybersecurity… Programs like this help level the playing field for communities like Calera.” His testimony highlights the value of collaborative guidance over one‑off tool deliveries.
Building the Next Generation of Cyber Defenders
ACIC also functions as a workforce‑development pipeline. Students from Auburn University’s Samuel Ginn College of Engineering gain hands‑on experience with industry‑standard platforms such as Splunk and CrowdStrike in a real operational environment. Jonathan Sherk, State and Local Program Manager at the McCrary Institute, noted that this exposure is “incredibly valuable” because it familiarizes learners with the tools they will encounter professionally.
How Vulnerability Assessments Work
Tucker Simpson, a cybersecurity research engineer and project manager at the McCrary Institute, explained that ACIC’s process begins with extensive outreach—over 130 days spent meeting with more than 140 municipalities across Alabama. The team conducts vulnerability assessments, penetration testing, and attack‑surface analysis, then walks clients through the findings as if they were an attacker scoping a building: checking for unlocked doors, cameras, and other entry points.
Making Penetration Testing Accessible
Penetration testing is typically costly, but the SLCGP grant removes that barrier. Sherk pointed out that once weaknesses are uncovered, ACIC can immediately recommend concrete steps—such as acquiring new firewalls or implementing identity‑access management—and even assist OIT in procuring the needed equipment.
Round‑the‑Clock Monitoring and SOAR Automation
A cornerstone of McCrary Secure is its 24/7 monitoring service. Analysts watch real alerts on actual municipal networks, not simulations, using the same threat‑intelligence feeds that protect major corporations and federal agencies. To accelerate response, ACIC employs Security Orchestration, Automation and Response (SOAR) tools that can automatically block malicious IPs, kill harmful processes, or isolate compromised devices until human staff can intervene.
The Impact of Automated Response
Simpson illustrated the benefit: “Many times, we’ll see something at night, and there’s not going to be anyone at that local government who can answer a phone call until the next morning. Instead, we can quarantine the device and wait to contact the customer in the morning.” This capability dramatically reduces the window during which an attacker can move laterally through a network.
Leadership Training via Tabletop Exercises
Beyond technical defenses, ACIC runs cyber tabletop exercises that guide mayors, commissioners, and council members through realistic worst‑case scenarios. Sherk observed that after these sessions, leaders often say, “I finally understand why my IT staff is asking for money,” prompting them to allocate budget for needed upgrades.
The Time‑to‑Detect and Contain Challenge
On average, organizations take 181 days to identify a breach and another 60 days to contain it. Simpson warned against complacency: “We have people tell us all the time, ‘I’ve never been hit.’ And it’s like — ‘do you want to keep rolling the dice?’ The only device threat actors cannot reach is one that’s turned off and unplugged, so do you keep hoping today’s not your day, or do you put things in place so that when someone does come poking, you’re ready?”
A Call to Action for Safer Communities
The McCrary Institute and AOIT frame their work as a statewide effort to make America safer, one small town at a time. By providing no‑cost, expert‑driven cybersecurity services, developing a skilled talent pipeline, and empowering local leaders with knowledge and tools, Alabama is building a resilient foundation that can withstand the evolving threat landscape.
For more information, visit the Alabama State and Local Government Cybersecurity Services page hosted by the McCrary Institute.

