Civilian Cybersecurity Budgets Slated for Continued Growth in FY 2025

Boosting the cybersecurity posture of federal agencies is a sustained theme throughout the recently released FY 2025 President’s Budget Request, as the Biden Administration presents its discretionary and IT budget priorities for the coming fiscal year (FY).

Civilian Department Cybersecurity

The budget request released by the Office of Management and Budget (OMB) in mid-March includes $13.0B for Civilian agency cybersecurity-related activities. This proposed $13.0B for Civilian agency cybersecurity would be an increase of nearly $1.2B from the FY 2024 estimated level of $11.8B and would represent 10% growth from the current FY.

The planned double-digit growth for FY 2025 sustains a pattern of OMB requesting 10% or more in aggregate year-to-year growth for Civilian agency cybersecurity budgets. However, under current OMB estimates in this latest budget, Civilian agency cybersecurity budget growth from FY 2023 to 2024 comes in at 5%, which is an anomaly compared to recent budgets going back several years. However, this FY 2024 amount may be due to most of the agencies still operating under a continuing resolution (CR) at the time the budget was released, and so we may see revised FY 2024 numbers in the future. (See chart below.)

According to OMB, the FY 2025 budget invests in cybersecurity to continue to attain goals set in the May 2021 Executive Order 14028, “Improving the Nation’s Cybersecurity,” OMB’ s January 2022 Zero Trust Strategy and the White House’s March 2023 National Cybersecurity Strategy (NCS).

Early in this budget cycle, OMB set out its cybersecurity priorities to guide agencies in preparing their FY 2025 budgets, directing them to prioritize funding consistent with the NCS.

Top FY 2025 cybersecurity funding priorities include: ?

• $157M increase for the Cybersecurity and Infrastructure Security Agency (CISA) to reach $3.15B
• $470M for the Continuous Diagnostics and Mitigation (CDM) program
• $394M for the Joint Collaborative Environment (JCE) for the continued build of the Cyber Analytics and Data System (CADS)
• $116M to implement provisions in the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).

Top Ten Civilian Departments

The ten Civilian departments with the largest cybersecurity budgets for FY 2025 represent more than $10.5B in funding and account for 81% of the total Civilian cyber budget. Further, these top ten departments account for over $1.0B of the nearly $1.2B in total growth from FY 2024 to FY 2025.

At more than $3.1B, the Department of Homeland Security (DHS), with its enterprise cybersecurity mission, well exceeds the combined cyber budgets of the next two largest departments, Treasury and Justice at $1.2B and $1.6B, respectively. (See chart below.)

When taken together these top ten departments above have a combined average growth rate of 11% from FY 2024, (and +15% from FY 2023 to FY 2025), although the individual growth rates vary among departments. Other observations include:

• Veterans Affairs, Energy and Transportation reflect the largest proportional budget gains from FY 2023 at 45%, 33%, and 18%, respectively.
• Treasury, the Social Security Administration and Justice also see double-digit increases from FY 2024 of 15%, 15% and 10%, respectively.
• Commerce and State are the only large departments slated for cyber budget declines for FY 2025, with Commerce seeing a reduction of 8% and State being reduced by 7%, compared to FY 2024. It is worth noting that State is estimating that they are spending $167M (+29%) more in FY 2024 than they did in FY 2023, so the reduction for FY 2025 still puts them above FY 2023 levels. In contrast, DOC sustains its flat-to-declining cyber budget trend over the last several years.

Department of Defense Cyber Budget Details Still to Come

Details from the Department of Defense (DoD) on their cybersecurity budget and plans are currently sparse, although they have stated that they are requesting $14.5B for FY 2025 for cyber activities across the department and military services. DoD’s full FY 2025 IT and Cyberspace Activities budget was not publicly available at the time of publishing of this article. However, DoD has said that their cybersecurity priorities continue to focus on deploying zero trust, developing and modernizing their cybersecurity tools and capabilities, safeguarding DoD information across networks, and funding research and development (R&D) of advanced cybersecurity technologies and capabilities. Stay tuned for more analysis and discussion as details emerge.

Final Thoughts

While a $1.7B or 15% top-line increase in Civilian cybersecurity budgets for FY 2025 compared to FY 2023 is significant, previous 2-year growth rates over the last several budget cycles have consistently run in the 25%-plus range. Of course, drawing too many conclusions about this comparatively softer growth is premature and fraught with peril. Time will tell whether Civilian cyber budgets may be finally approaching the levels necessary to effectively meet the challenge, whether efficiencies are being realized, or if simply more of the federal cyber mission is begin shifted behind the shroud of classified programs.

_____

For more analysis on the FY 2025 Federal Budget check out our report, FY 2025 Federal Budget Request: Priorities and Opportunities.