Securing the Courts: Managing Cyber Risk Across a Complex Public Sector Ecosystem

Presented by Gartner

For Gavin Green, Chief Information Security Officer for the Florida Office of the State Courts Administrator, cybersecurity is not confined to one agency, one network, or one set of users. The court system sits inside a broad and interconnected ecosystem that includes judges, clerks, public defenders, state attorneys, police departments, sheriff’s departments, law offices, and other partners.

Green describes that environment as “a big bowl of spaghetti,” where it can be difficult to see where one connection starts and another ends. That complexity is a defining feature of the modern public sector attack surface. A compromise in one connected organization can create risk for another. For courts, that means cybersecurity leadership requires visibility, coordination, and a deep understanding of how systems and stakeholders interact.

Artificial intelligence adds another layer of complexity. Green says the courts are in a discovery and conversation phase around AI. Like many organizations, they see the promise of AI to improve processes, reduce workloads, and create efficiencies. But Green is cautious about adopting a new tool simply because it is powerful or popular. His priority is making sure AI is evaluated through a cybersecurity and governance lens before it becomes embedded in court operations.

That does not mean slowing innovation for the sake of caution. Green frames the challenge as enabling courts to operate securely. He does not want to introduce unnecessary risk, but he also does not want to harm efficiency. That balance is one of the hardest parts of public sector cybersecurity leadership today: making sure agencies can modernize without creating new vulnerabilities that undermine the mission.

One of the major tools helping Florida’s courts strengthen their posture is a managed security services provider model. Green explains that the MSSP provides an incident response retainer, giving courts access to professional support when they face a ransomware attack or other security incident. That is especially important because some courts do not have dedicated cybersecurity staff. In smaller environments, the same person may be responsible for CIO duties, servers, email administration, and other IT functions.

The MSSP also provides access to a service catalog that includes offerings such as internal and external penetration testing. Those services help identify gaps and reduce risk across the court system. As more courts use the model, Green says the overall cybersecurity posture of the statewide system improves.

The model also gives court leaders agility. They can access expertise when they need it, especially during an incident, without having to build every capability internally. Green says that flexibility provides reassurance to CIOs and IT leaders who worry about being the next target.

Looking ahead, Green is particularly focused on dependence. As organizations rely more heavily on AI for daily processes, answers, workflows, and decision support, those AI systems become high-value targets. His concern is straightforward: the more essential AI becomes to operations, the more attractive it becomes to malicious actors.

For Green, the future of cybersecurity in the courts will require careful AI adoption, stronger shared services, and a clear-eyed view of interconnected risk. The mission is not to say no to innovation. It is to make sure innovation is implemented securely enough to support the courts, protect stakeholders, and maintain trust.

Key Takeaways

• Court systems operate in a highly interconnected environment where risk can move across agencies, offices, and partner organizations.
• AI adoption must be balanced with governance, security review, and operational efficiency.
• Managed security services can help smaller or resource-constrained courts access incident response, testing, and cyber expertise.