Key Highlights From the FY19 Cybersecurity Budget

By Lloyd McCoy, Market Intelligence Manager

The newly minted FY19 budget stands out because the federal government passed it on time and for the first time in nine years, government agencies begin the new year equipped to fund new and ongoing IT investments. In what is welcome, albeit not surprising news for security providers, cybersecurity remains the highest priority in the IT budget.

When it comes to security-specific spending, all signs point to the recently passed budget largely aligning to the initial agency wish lists.

Below are some of the key takeaways to help you map out your targeting strategy. Note that these figures don’t wholly encompass security spending as a substantial (though unknown) level of security spending isn’t formally recognized as such.

The FY 2019 Budget includes approximately $15 billion of budget authority for cybersecurity-related activities, a 4.1% increase above the FY18 Estimate. DOD was the largest Department by far, planning to spend about $8.5 billion on security this year. That’s about 4% more than what it spent last year. Civilian agencies make up the difference while also increasing their security spend by about 4%.

DOD cyber spending is likely higher given that over 20% of military IT spending is classified and thus not included in these totals

DHS accounts for over a third of civilian cybersecurity spend; DHS oversees cyber programs that span the entire civilian sector. 

Only Treasury, State, Commerce and the National Science Foundation saw flat growth or a slight decline

Every agency is responsible for protecting its own network and may have unique mission-based requirements. However, as you set appointments with program managers and other decision makers keep in mind these universal priorities permeating both civilian and defense agencies:

• A big emphasis and where agencies need help from industry are in risk management and security awareness. You will see spending aligned toward identifying and then protecting high value assets.
• You’ve heard this before but it’s still very true – cybersecurity should be integrated from the beginning within every solution the government. This is especially pertinent for newer technologies like cloud, IoT, blockchain, and mobile-related ventures.
• Agencies are increasingly cognizant of the need to be less reliant on traditional perimeter security, especially as IT environments become more decentralized. You’ll get more traction if you bring solutions which offer protections at the application and data level.
• Supply chain security featured heavily in the National Defense Authorization Act of 2018 as well as the recent budget. In the coming year expect regulations put in place to prohibit government agencies from working with IT vendors who have unreliable supply chains. Be transparent and exercise rigor in your own risk assessments. This will go a long way toward assuaging government concerns over supply chain security.
• Lastly, I often hear concerns from government decision makers about vulnerabilities introduced by complex environments and systems that don’t work well with each other. Identity and network protection tools and solutions that can handle the complexity of protecting multi-cloud, multi-vendor environments will resonate well with agencies of all stripes and sizes.

Keep current with what’s happening in the government marketplace and subscribe to immixGroup’s Government Sales Insider blog.