Civilian Cybersecurity Budgets Set for Sustained Growth in FY 2023

Strengthening the cybersecurity posture of federal agencies is one clear theme throughout the recently released FY 2023 President’s Budget Request as the Biden Administration that outlines its discretionary and IT budget priorities for the coming fiscal year (FY).

Civilian Department Cybersecurity

The budget request released by the Office of Management and Budget (OMB) includes nearly $10.9B for Civilian agency cybersecurity-related activities. This would be an increase of more than $2.2B from the FY 2021 level of $8.6B and represent $26% growth.

One key note about the growth we see. First, relative growth here is measured against FY 2021 levels. Since the FY 2023 budget comes relatively on the heels of Congress passing final FY 2022 budget appropriations for federal agencies, many agencies compared their FY 2023 requests against their FY 2022 requested budgets or their FY 2021 actual budgets since the final FY 2022 budget levels were still working their way through the system. So it seems more reliable to measure growth here compared to FY 2021 levels.

OMB’s cybersecurity budget priorities for FY 2023 invests in programs to attain goals set in the May 2021 Executive Order 14028, “Improving the Nation’s Cybersecurity.” These goals and other risk management efforts include: ?

• Securing systems and data by adopting zero trust principles.
• Improving agency Investigative and Remediation Capabilities through security logging measures.
• Improving detection of vulnerabilities and incidents through Endpoint Detection and Response (EDR) real-time continuous monitoring.
• Improving agency Supply Chain Risk Management (SCRM) programs, reducing enterprise risk through exclusion and removal of vulnerable technologies and establishing SCRM acquisition standards.
• Increased use of cybersecurity shared services through Quality Service Management Offices (QSMO). The Cybersecurity QSMO is led by the Department of Homeland Security. ?

Government-wide cybersecurity funding priorities include: ?

• $486M increase for CISA to reach $2.5B for FY 2023.
• $300M for the Technology Modernization Fund (TMF) to support agencies as they modernize and secure legacy systems. ?

Top Ten Civilian Departments

The ten Civilian departments with the largest cybersecurity budgets for FY 2023 represent more than $8.7B in funding and account for 80% of the total Civilian cyber budget. Further, these top 10 departments account for $1.9B of the $2.2B in total growth from FY 2021 to FY 2023. At more than $2.6B, the Department of Homeland Security (DHS) with its enterprise cybersecurity mission more than doubles the next largest department, which is Justice at just under $1.3B.  (See chart below.)

When taken together these top ten departments above have a combined average growth rate of 26% from FY 2021 to FY 2023, although the individual growth rates vary among departments. Other observations include:

• State, Treasury, Justice and HHS reflect the largest proposed budget gains from FY 2021 at 98%, 49%, 37% and 37% respectively.
• DHS, VA and SSA also show large increases of 24-25%.
• Commerce is the only large department slated for a cyber- budget decline for FY 2023, with a reduction of 7% compared to FY 2021.

Parting Thoughts

While a $2.2B or 26% top-line increase over just two years is very robust for sure, one-year growth for FY 2023 may be in keeping with recent historical growth levels. That is, we may not be looking at atypical growth for cybersecurity budgets going into the next fiscal year.

Here’s why. In this budget, OMB reported the total Civilian cybersecurity budget for FY 2022 at $9.8B which, if accurate, is $1.2B or 14% above the FY 2021 level. That level and growth rate is basically identical to what was proposed in last year’s FY 2022 budget request. If the FY 2022 numbers are accurate, then year-to-year growth for FY 2023 is just over $1B and 11%, i.e. a bit lower than cyber-budget growth from FY 2021 to FY 2022.

So while the prospects for sustained opportunities for cybersecurity solutions among Civilian departments and agencies remains very strong looking toward the next fiscal year, the take-away in this budget is more about sustained strong growth vs. hugely atypical growth. Still, when compared to the Civilian total IT budget growth rate of 7.8% compared to FY 2021, the cybersecurity segment remains a highlight.

_____

For more analysis on the FY 2023 Federal Budget check out our report, FY 2023 Federal Budget Request: Priorities and Opportunities.