Federal Cybersecurity Spending in FY 2025, So Far

The opening months of the second Trump Administration have seen a surge of actions and policies that are impacting the contracting landscape, directly and indirectly. What impacts, if any, are these factors having on cybersecurity contracting? Analysis of federal contract obligation data provides a perspective.

Identifying Federal Cybersecurity Contract Spending – A Word on Methodology

Examining contracting data reported by federal agencies to identify their cybersecurity spending requires some effort. What follows is not a perfectly air-tight methodology to identify contract spending on cybersecurity down to the dollar. This reality is due to the nature and limitations of the available government data. However, the approach does provide a useful view into the size and trends within the federal cybersecurity market segment.

First, I reviewed nearly 650K contract obligation records filed in the Federal Procurement Data System (FPDS) with action dates in fiscal year (FY) 2025, which began October 1, 2024. The analysis considered these contract actions from the first quarter (Q1) though mid-May, which is half-way through Q3. These are labeled Q3 To-Date, or Q3TD. One timing note: given the historical propensity by the Department of Defense (DoD) to lag in its contract reporting by as much as 90 days, the amounts that follow may be understated.

Cybersecurity contract spending predominantly falls within three broad categories – Information Technology (IT), Professional Services and Research and Development (R&D) – which GovWin assigns to each contract action based on Product Service Code (PSC) and our proprietary smart tag classifications.

I then searched the contract requirement description and contract names for each transaction for a selection of cybersecurity-related keywords. Results were then refined by a review of contract requirements descriptions to determine as much as possible that the action contains relevant cybersecurity work. Again, these results are admittedly not precise in nature, but the analysis does provide a useful view into the market.

Finally, this data analysis provides a “snapshot in time” of which agencies have been obligating dollars for cybersecurity work and with which vendors.

FY 2025 Cybersecurity Obligations To-Date

The analysis of federal contract obligations described above reveals that federal departments and agencies have spent nearly $5.8B on cybersecurity services and solutions in FY 2025 through mid-May.

Examining the relative proportion of cyber-spending across the fiscal quarters and among the three categories presents a view into the timing and relationship between these categories. Looking vertically, we see that spending in Q1 (Oct-Dec 2024) only slightly outpaced spending in Q2 (Jan-Mar 2025).

This is a significant observation since Q1 fell in the waning days of the Biden Administration and Q2 coincides with the beginning of the second Trump Administration. While there has been a flurry of administration actions and policies that have impacted the contracting community – from contract terminations to implementation of the Department of Government Efficiency (DOGE) – there appears to have been some overall stability across Q1 and Q2 in cybersecurity contract spending.

Looking horizontally shows that cyber-related spending in the IT category is fairly stable from Q1 to Q2, while there is some variance in quarterly spending for R&D and Professional Services. It is still too early to draw conclusions from the Q3 spending data.

Top Cyber-Spending Departments

Shifting the view to which federal departments and agencies reported the highest level of cybersecurity obligations through this point in FY 2025 reveals that spending has been quite concentrated. The following fifteen federal departments reported more than $5.4B in cyber contract obligations through Q3TD, which accounted for roughly 95% of total reported cyber spending.

The top five departments alone accounted for $3.7B and approximately 65% of total reported obligations.

Top Cybersecurity Contractors – FY 2025 To-Date

Finally, examining which companies have been receiving these contracts actions provides a varied picture. Among all companies receiving total obligations above $70M over the period, the following firms accounted for $2.4B in cybersecurity contract obligations for FY 2025 to-date. The top five companies received $1.5B in contract obligations, with the remaining firms sharing the remaining $900M in obligations.

The relative share of these companies – both in aggregate and individually – of the total $5.8B in identified cybersecurity contract obligations over this period indicates a diversified marketplace with many firms participating. Below the above group, there are more than 1,200 firms that received obligations between $10K and $60M over the first quarters of FY 2025. The sheer number of firms receiving contracts for federal cybersecurity work demonstrates the depth and breadth of the market landscape, even with the presence of many large players.

Final Thoughts

This “snapshot in time” of federal cybersecurity spending naturally will change with the ebb and flow of agency initiatives and the lifespans of individual contracts. However, the magnitude and breadth of contracted spending on cybersecurity continues to support a robust and optimistic market outlook.