Civilian Cybersecurity – A Look at Contracted Spending

Published: November 19, 2014


Would it surprise you to learn that federal civilian departments and agencies account for nearly 60% of reported information security prime contract spending over the last several years? Let’s follow the data to see how this plays out.

Last week, I looked at Defense contracted cybersecurity spending as part of our recently published federal cybersecurity market forecast report, which looks at the trends and drivers that keep this market growing when many other segments are contracting under budget reduction pressures. This week I’ll focus on the of top federal civilian departments and their historical cybersecurity spending that helps inform our market outlook.

Similar to our defense analysis, Deltek analyzed data on prime contract obligations reported to the Federal Procurement Data System (FPDS) to get a sense of what civilian departments and agencies have been spending in recent years on contracted information security goods and services. These contracts were identified and sifted through using a broad range of key words like antivirus, assurance, credential, cyber, cybersecurity, diagnostic, encryption, FISMA, HSPD-12, ICAM, IDaM, identity, information security, intrusion, malware, monitoring, PII, PIV, privacy, private, risk management, security compliance, steganography, and VPN.

The data here covers security hardware, software, and related services and provides an approximate baseline total contract value (TCV) for information security prime contract awards that can be used to assess the overall size and composition of historical federal information security spending over the last six years.

Top Civilian Information Security Spending – FY 2009-2014

Our analysis identified about $11 billion in prime contract spending across the entire federal government from FY 2009 through FY 2014 and the civilian buyer segment accounts for $6.4 billion or 59% of this $11 billion. The spending is fairly concentrated. The top 10 civilian departments had combined total obligations of $5.6 billion, or 87% of total civilian contracted spending for this period. (See chart below.)

The top 5 departments – NASA, DHS, GSA, SSA, and State – account for 68% of spending for the period and make up nearly $4.4 billion in TCV.

Civilian Services Spending Dwarfs Spending on Products

The civilian buyer segment spends the vast majority of its information security contracting dollars on services, which is consistent with what we observed on the defense side as well. Deltek analysis of federally reported contract obligations for the period found that $5.81 billion (90%) of the civilian information security spending was used to procure security-related IT services and $642 million (10%) of contracted funding supported buying security products.

The top four civilian departments make up and 79% and 63% of information security-related products and services spending respectively, although the departments which make up the top four in each area differ. DHS is the only department that is a top buyer in both areas, as we might expect. (See chart below.)

Get our full perspective on the federal information security market in our latest report: Federal Information Security Market, FY 2014-2019.