States and localities will face a range of risks – including nation-state attacks, critical infrastructure threats and more potent forms of ransomware – in the coming year. Addressing these threats will require state and local agencies to invest more time and money to adopt sound security policies, improve employee training, and deploy stronger security tools and services.