January 20, 2023 By Mark Stone 3 min read

It’s no secret that cyberattacks in the U.S. are increasing in frequency and sophistication. Since cyber crime impacts millions of businesses and individuals, many look to the government to see what it’s doing to anticipate, prevent and deal with these crimes.

To gain perspective on what’s happening in this area, the U.S. government’s budget and spending plans for cyber is a great place to start. This article will explore how much the government is spending, where that money is going and how its budget compares to previous years.

How much is the U.S. spending on cybersecurity, and where is the money going?

In June 2022, the U.S. announced new spending bills for the fiscal year 2023, including an allocation of $15.6 billion for cybersecurity. The majority of the money — $11.2 billion — will be appropriated for the Department of Defense (DoD), and $2.9 billion will go to the Cybersecurity and Infrastructure Security Agency (CISA).

The money going to the DoD will be used in a variety of ways. For example, Paul Nakasone, commander of the U.S. Cyber Command, has discussed plans to grow five Cyber Mission Force teams. Approximately 133 of these already exist and focus on carrying out defensive cyber operations.

How involved is the private sector in the allocation of funds?

Clearly, the majority of funds in the new budget will go to government agencies. However, the government also plans to invest in the private sector and has discussed the importance of strengthening relationships with companies and private organizations.

One key area here is information sharing; after all, cybersecurity is a team sport. However, the government has faced criticism in the past for expecting detailed data from companies while failing to provide adequate information on their end. Recently, government agencies have spoken more about working towards more open and two-sided information sharing, but only time will tell how successful that strategy will be.

U.S. lawmakers have asked the defense secretary to work more closely with CISA and the private organizations within it, especially in areas related to Russian and Chinese activity. CISA has also received $417 million more in funding than was initially requested by the White House.

How do current federal investments in cyber compare to previous years?

Compared to the previous few years, investment in cybersecurity is gradually increasing. 2021 saw $8.64 billion in spending, followed by a slight increase in 2022.

It’s a positive trend that signals the government is taking the issue seriously. But are state and local governments keeping up?

How is cyber investment changing at the local and state levels?

The data shows that the government is also investing in cybersecurity in non-financial capacities at the local and state level. In 2021, for instance, state legislative sessions saw more than 285 pieces of cybersecurity-related legislation introduced, and in 2022 that number increased to 300.

In addition, President Biden introduced the Infrastructure Investment and Jobs Act in 2021, which allocated $1 billion in grants to bolster cybersecurity at the local, state, tribal and territorial levels. The government will distribute this amount over four years until 2025.

It adds up to a promising development for local and state governments, who are finally gaining the resources to protect their communities more effectively. Plus, it demonstrates a growing understanding of the importance of cybersecurity at the federal level and, hopefully, a more informed approach in the future.

Promising signs for the future

While cybersecurity funding is one truly positive sign, there are more reasons to be hopeful — such as the appointment of the USA’s first-ever National Cyber Director, Chris Inglis.

Looking to the future, the U.S. will need to constantly readjust its cyber defense posture and adapt to this ever-changing landscape, especially as cyber crime becomes not only more common but also more challenging and complex. It costs money to do that effectively, so the government must prioritize cyber funding for the foreseeable future.

Of course, individual organizations will need to take responsibility for their own security, too.

IBM can help — with solutions like the Security QRadar XDR, you get a suite of tools and powerful features to help you defend your organization against attacks and keep your teams focused on what’s important. Find out more here.

More from Government

NIST’s security transformation: How to keep up

4 min read - One thing that came out of the pandemic years was a stronger push toward an organization-wide digital transformation. Working remotely forced companies to integrate digital technologies, ranging from cloud computing services to AI/ML, across business operations to allow workers to keep up high production and efficiency standards. Now that businesses and consumers have adjusted to the new normal of digital transformation, it is time to develop a security transformation strategy. Coping with the speed of change A constantly evolving tech…

Cyber experts applaud the new White House cybersecurity plan

4 min read - First, there was a strategy. Now, there’s a plan. The Biden Administration recently released its plan for implementing the highly anticipated national cybersecurity strategy published in March. The new National Cybersecurity Strategy Implementation Plan (NCSIP) lays out specific deadlines and responsibilities for the White House’s vision for cybersecurity. The plan is being managed by the White House’s Office of the National Cyber Director (ONCD). Cybersecurity experts have applauded the Administration’s plan as well as the new implementation calendar. For example,…

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today