Beyond Geography and Budget: Machine Learning for Calculating Cyber Risk in the External Perimeter of Local Public Entities

Due to their vast number and heterogeneity, local public administrations can act as entry points (or attack surfaces) for adversaries targeting national infrastructure. The individual vulnerabilities of these entities function as entry points that can be exploited to compromise higher-level government assets. This study presents a nationwide risk analysis of the exposed perimeter of 7000 municipalities, achieved through the massive collection of 93 technological and contextual variables over three consecutive years and the application of supervised machine learning algorithms. The findings of this study demonstrate that geographical factors are a key predictor of external perimeter cyber risk, suggesting that supra-local entities providing unified, shared security services are better positioned in terms of risk exposure and therefore more resilient. Furthermore, the analysis confirms, contrary to conventional wisdom, that IT budget allocation lacks a significant statistical correlation with external perimeter risk mitigation. It is concluded that large-scale data collection frameworks, enhanced by Artificial Intelligence, provide policymakers with an objective and transparent tool to optimize cybersecurity investments and protection strategies.