May 22, 2024

Government Must Increase Funding on Cybersecurity to Protect Citizens

The Evolving Threat Landscape
Cyber threats are constantly changing as bad actors adapt their tactics. Only a few years ago, many cyber attacks focused on stealing sensitive financial data or personal information. However, threats have evolved significantly. Now, cybercriminals are using more sophisticated techniques like ransomware to hold critical infrastructure and services hostage until large ransom payments are made. Some nation-states are even using cyber capabilities to interfere in other countries’ elections or sabotage infrastructure like power grids. With the digitalization of nearly every aspect of modern life, the potential impacts of a major cyber attack are greater than ever before. Our increasingly connected world has created many new opportunities for criminals and foreign adversaries to do real harm.

Outdated Defenses Leave Major Gaps

While threats continue to advance at an alarming rate, many government cyber defenses have not kept pace. Budget shortfalls have left agencies with outdated security tools, insufficient staffing, and limited capabilities. A recent government report found several agencies were still relying on end-of-life operating systems no longer receiving security updates. Others had not implemented basic security practices like multifactor authentication. Network monitoring and incident response capabilities at some departments were described as “severely deficient.” These security gaps could allow even unsophisticated attackers to breach government systems and access sensitive data. Valuable taxpayer dollars and citizens’ private information are being left exposed due to lack of prioritization and underfunding of cybersecurity efforts over many years.

Increasing Attacks on Critical Infrastructure

Another worrying trend is the growing number of cyber incidents targeting critical infrastructure like power grids, water treatment facilities, transportation systems and more. These systems were often designed and connected without modern cybersecurity in mind. Now adversaries are scanning for vulnerabilities that could give them access and ability to disrupt services. A successful attack could endanger public health and safety. In 2020, suspected Russian hackers breached software used by hundreds of American cities and towns. If activated, ransomware planted on their networks could have shut down services like 911 call centers or computer-aided dispatch for first responders. While disruption was averted, the incident highlighted how vulnerable essential services can be. Adequate funding is desperately needed to audit defenses, patch vulnerabilities and monitor these sensitive networks around the clock.

Cost of Breaches Far Outweigh Prevention Spending

When attacks and data breaches do happen, the costs are tremendously high – not just in taxpayer dollars but reputational damage as well. A 2021 report estimated the global price of cybercrime will reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. For comparison, most experts estimate global spending on cybersecurity hovers around $150 billion per year – a fraction of damages caused. A single major hack exposing millions of records can generate hundreds of millions in legal fees, notifications, credit monitoring and more for the impacted organization. And while governments fund some assistance programs after incidents, much of the financial burden still falls on companies and citizens. Stepping up spending on robust protections and prevention strategies is infinitesimally more affordable than constantly paying to clean up cyber disasters after the fact with no long-term solutions in place.

Return on Security Investment

Fortunately, research also shows that proactive cybersecurity spending has clear long-term benefits and positive return on investment. Governments that make cyber a funding priority report significant reductions in data breaches and operational disruptions over time. They also experience cost savings through prevented outages, business interruptions or ransom payouts. While initial investments may seem high, security budgets that include regular staff training, technology upgrades, threat monitoring and more help maintain continuous protection proportionate to evolving risks. This type of strategic approach minimizes long-tail expenses from future incidents that could have otherwise been avoided. When cyber is treated as the critical priority that it is, agencies are better able protect citizens and deliver uninterrupted digital services that modern life relies on.


Based on the growing threats and lack of sufficient defenses discussed above, some recommendations for government include:

– Increase annual cybersecurity funding allocations and ensure they receive ongoing support over multiple fiscal years for long-term protection.

– Audit current defenses using third-party experts and develop detailed multi-year roadmaps for upgrading outdated tools and plugging coverage gaps.

– Mandate strict baseline security requirements across agencies and audit compliance regularly with consequences for violations.

– Hire additional cybersecurity staff where shortages exist, prioritizing technical expertise, incident response and threat monitoring roles.

– Require thorough security reviews of any systems connecting critical infrastructure and services like energy, transportation, water/waste management.

– Develop comprehensive incident response plans in partnership with private sector entities who also need rapid reassurance and guidance when under attack.

– Invest in cybersecurity research to stay ahead of emerging threats and technologies, including training American students in these important national security fields.


In today’s hyper-connected world, strong cyber defenses are imperative to protect both government operations and citizens who trust agencies to keep them safe. While costs are significant, continuing with underfunded, outdated approaches will only lead to much more expensive consequences in the long run. Cybersecurity must become a consistent budget priority that receives stable, long-term investments proportionate to evolving digital threats. When governments demonstrate the will to proactively address vulnerabilities and monitor for incidents, they help safeguard both public and private sector partners from costly disruptions and data breaches. Our interconnected digital future depends on collaborative, well-resourced security efforts at all levels. Citizens deserve vigilance against rapidly multiplying cyber risks.


  1. Source: Coherent Market Insights, Public sources, Desk research
  2. We have leveraged AI tools to mine information and compile it