Research Report: The Virtual Public Sector

Cybersecurity feels budget pressures

Even as government budgets continue to get squeezed, agency officials hope to keep making much-needed investment in their cybersecurity efforts, according to a new survey.

The budget battles come at a time when information technology executives are anxious to expand their cybersecurity initiatives.

In the survey, conducted by the 1105 Government Information Group, 71 percent of respondents agreed that cybersecurity demands at their agencies were increasing even as their budgets were decreasing. Only 11 percent disagreed, with 18 percent being neutral. (See chart.)

Figure 1

Chart

Training is often one of the first places agencies look to slash spending. In this case, that could be especially troubling, because agencies are being told by their inspectors general, the Government Accountability Office and the White House that they need to strengthen their cybersecurity workforce.

But so far, the results are mixed. Forty-two percent of respondents said their training budgets have been reduced, 19 percent said their IT budgets have been reduced (training excluded) and 35 percent said they have seen minimal impact.

Still, the majority of respondents expect to maintain (49 percent) or even increase (31 percent) their cybersecurity investments in the next year. Only 20 percent said they expect their budgets to decrease.

In any case, ongoing budget pressures are likely to change how IT managers shop for cybersecurity products, said Jeff Wilson, principal analyst for security at Infonetics Research, a market research and consulting firm.

“Customers are tired of investing in solutions that don’t really improve their security posture and are looking to make changes,” said Wilson, in a recent report. Across the board, Infonetics anticipates an extreme focus on efficacy, with particular interest in products with unified threat management or next-generation firewall features.

To help agencies save money on cybersecurity technology, the Obama administration established a series of Situational Awareness and Incident Response blanket purchase agreements. They offer volume discounts off pricing available through General Services Administration schedules. The administration estimates that in fiscal 2012, agencies realized $14 million in cost avoidance. 

That said, technology accounts for only 5 percent of cybersecurity budgeting, compared to 90 percent for personnel, according to the Obama administration’s fiscal 2012 report to Congress on the implementation of the Federal Information Security Management Act of 2002. Of the remaining cybersecurity money, 3 percent goes toward risk management activities and 1 percent each to testing and training.

Although the personnel costs are essentially fixed, administration officials believe that agencies can get more for the money they spend on staffing.

“Making the IT security workforce more productive, more capable and more collaborative offers one of the most significant opportunities for even more cost-effective IT security spending,” the FISMA report states. “This workforce-enabling strategy requires going beyond technical trainings to include process improvement, innovation encouragement, collaboration mechanisms and accountability structures.”

According to the report, the federal government has more than 90,000 full-time equivalent positions with major responsibilities in information security. However, a third of these are contractor positions. “IT security has consistently been a functional area that depends on talent and technical expertise from industry and commercial sources,” the report states.

Methodology and survey demographics

Between May 28 and June 6, 2013, 186 subscribers of FCW, GCN and other 1105 Government Information Group publications responded to an e-mail survey about cybersecurity trends in government agencies. Survey respondents were comprised of those with insight into their agencies selection of cybersecurity strategies. Beacon Technology Partners developed the methodology, fielded the survey and compiled the results.

Approximately three out of four respondents were technology decision-makers (CIOs or other IT managers or professionals), while 24 percent were senior managers, program managers or other business decision-makers. Approximately 67 percent came from the federal government (33 percent civilian, 34 percent defense) and 33 percent from state or local government agencies.

About this Report

This report was commissioned by the Content Solutions unit, an independent editorial arm of 1105 Government Information Group. Specific topics are chosen in response to interest from the vendor community; however, sponsors are not guaranteed content contribution or review of content before publication. For more information about 1105 Government Information Group Content Solutions, please email us at GIGCustomMedia@1105govinfo.com

 

ON-DEMAND WEBCAST
Cybersecurity Research Report: Agencies Battle Cyber Threats, Budget Cuts

View this on-demand webcast presentation to get an in-depth look on everything related to cybersecurity and how to stay ahead of the curve.