Defense Cybersecurity – A Look at Contracted Spending

Published: November 12, 2014


“Follow the money,” as the saying goes, helps sift fact from fiction when it comes to complex and cloudy situations. This is true when assessing what the Pentagon and its component branches spend on information security, or cybersecurity. Government data on reported prime contracts help point the way.

Last week, I looked at our recent forecast assessment of the total federal information security market and the trends and drivers that keep this market growing when other segments are under extreme budget pressure. This week I’ll focus on a historical perspective on cybersecurity spending that helps inform our market outlook, specifically the Department of Defense (DoD).

To get a sense of what the Pentagon has been spending recently on contracted information security goods and services Deltek analyzed data on prime contract obligations reported to the Federal Procurement Data System (FPDS) identified by a broad range of key words used like antivirus, assurance, credential, cyber, cybersecurity, diagnostic, encryption, FISMA, HSPD-12, ICAM, IDaM, identity, information security, intrusion, malware, monitoring, PII, PIV, privacy, private, risk management, security compliance, steganography, and VPN.

The data here covers security hardware, software, and related services and provides an approximate baseline total contract value (TCV) for information security prime contract awards that can be used to assess the overall size and composition of historical federal information security spending over the last six years.

Total Defense Information Security Spending – FY 2009-2014

Through this analysis we identified about $11 billion in prime contract spending across the entire federal government from FY 2009 through FY 2014. The Defense Department makes up $4.5 billion or 41% of this $11 billion in total reported federal cyber contract obligations since 2009. For this period the Defense Agencies, Navy, Army, and Air Force had total obligations of $1.7 billion, $1.3 billion, $1.1 billion, and $443 million respectively and these account for 38%, 29%, 24% and 10% of the total DoD obligations respectively. (See chart below.)

Services Spending Outpaces Products

As is consistent across most federal agencies and the federal government as a whole, the DoD spend the vast majority of its information security contracting dollar on services. Deltek analysis of federal reported contract obligations for the period found that 85% of the Defense Department’s information security spending was used to procure security-related IT services and 15% of contracted funding supported buying security products. (See chart below.)


Get more of our perspective on what is driving federal information security spending in our latest report: Federal Information Security Market, FY 2014-2019.