Protecting federal technology systems is a top government priority and a major challenge for agencies of all sizes. Cybersecurity efforts and related technology purchases are shaped by government-wide policies from the White House and Congress, along with changing technology standards and acquisition rules.

Deltek's report, Federal Cybersecurity Market, 2026-2028 examines the trends and drivers shaping the federal cybersecurity marketplace and provides a forecast for the next three years.

Cybersecurity Market Drivers

Assessing the federal cybersecurity market from a broad perspective, there are several categories of major drivers that continue to spur demand for government-wide and agency budget investments:

• Technology Policy – Security compliance, standards, and management policies addressing government-wide priorities.
• Acquisition Policy – Cybersecurity is a growing factor within federal acquisition policy.
• Evolving Technologies – Technical remedies to improve security and efforts to secure emerging technologies for greater adoption.

Driven by the multiple plans and initiatives focused on enhancing agency cybersecurity postures across the federal government, Deltek forecasts the demand for vendor-supplied cybersecurity products and services by the U.S. federal government will increase from $18.8 billion in FY 2026 to $20.7 billion in FY 2028.

Key Findings

• Fluctuating Cyber Budgets. Agency cybersecurity budgets show varied levels of growth and reduction, although the government-wide trend remains toward modest growth. This variability is expected throughout future budget cycles.
• White House Cyber Priorities. The White House is prioritizing cybersecurity through innovation in AI integration, post-quantum cryptography and IoT security.
• Sustained Cybersecurity Efforts. Multi-year cybersecurity efforts of zero trust enablement, incident detection and response, vulnerability management and others will drive the federal landscape throughout the forecast period, and beyond.
• CMMC is Here. DOD’s CMMC program is beginning its phased launch in November 2025. DOD contractors must plan for the lead time and cost of meeting the CMMC levels they need to compete. Similar FAR CUI rules are under consideration for the civilian sector.
• Supply Chain Security. Ongoing supply chain cybersecurity risk concerns continue to drive numerous risk management policies and programs. Contractors and suppliers need to stay informed and diligent to comply with federal secure-by-design and other principles and standards set by DOD, DHS, NIST, etc. Some risk management efforts include supplier reporting requirements.

Complex Technology Environments Present Cybersecurity Opportunities

Unknown security gaps and ongoing threats, combined with complex IT environments and fast-changing technologies, make it difficult to secure federal data and networks. Agencies must manage cybersecurity across a mix of legacy systems, cloud platforms, and new technologies, all operating on both government-owned and commercial infrastructure.

As agencies expand digital services and adopt cloud applications, mobile tools, and advanced technologies like artificial intelligence and data analytics, they face new and layered security risks. At the same time, these technologies offer significant opportunities.

These factors drive ongoing federal cybersecurity modernization efforts that present promising contractor opportunities over the next several years.

Get more of our perspective in the full report, Federal Cybersecurity Market, 2026-2028.