In recent months, the House of Representatives has been hard at work crafting various spending bills for fiscal year 2023. While these bills provide funding for a wide range of government programs and agencies, there was one thing that stood out. Collectively, the bills making their way through the House allocate $15.6 billion for cybersecurity spending.
As you might guess, the bulk of that spending ($11.2 billion) is being allocated to the Department of Defense. However, it is worth noting that nearly $3 billion goes to the Cyber Security and Infrastructure Security Agency (CISA).
While it may be tempting to think of these cybersecurity budget allocations as just another example of government overspending, it’s worth considering what a $15.6 billion infusion of cash means for the IT security industry. It is equally important to consider why the US government finds it necessary to increase its spending on cyber security to such a degree.
What does increased government spending on cyber security mean for the future?
So what does all this cyber security spending mean for the future? For starters, this means 2023 will be a good year for cybersecurity companies that are authorized to sell their products to the government. Such companies are likely to see record profits and may end up hiring additional staff to help meet the sudden demand for their products and services.
More importantly, all this spending will almost certainly spur innovation. In the past (pre-cloud), security companies would generally release a new version of their products every year to keep up with an ever-changing security landscape. These new versions almost always contained new features that were designed to entice customers and give them a leg up on competitors (who would inevitably add a comparable feature in the next version of their product).
Although the cloud era has forced security companies to change the way they do things, the basic concepts from years past still apply. The main difference is that the cloud has given these companies the ability to release new features and capabilities much faster than might have been possible in the past.
Investing in Cyber Security Innovation
All of this means that innovation has always been an important part of the cybersecurity industry. Security companies have always invested resources in developing new tools and capabilities that will help them stay ahead of cybercriminals and competitors.
With billions of dollars in government spending pouring into the security industry, we will almost certainly see security products and cloud services eventually take an exponential leap forward as a direct result of being able to invest more in the development of product and safety research.
This innovation will not be limited to security product vendors and cloud providers. Remember that CISA will receive $2.9 billion. CISA has historically provided cybersecurity guidance and recommendations to government agencies and the private sector.
These recommendations are not pulled out of thin air, but are the product of research. The increased funding will allow CISA to engage in even more cybersecurity research, ultimately positioning it to produce better recommendations.
Why is the government spending more on cyber security?
The increase in budget allocations for cybersecurity is most likely linked to a White House directive from March 21, 2022, emphasizing the need for increased cyber defense. The directive follows a long line of high-profile security incidents, such as last year’s attack on the Colonial pipeline, which caused fuel shortages along the east coast.
It is worth noting that this statement was not addressed exclusively to government agencies. The statement also encouraged private sector businesses to strengthen their cyber security defenses in line with CISA guidelines.
Strengthen your cybersecurity initiatives, without the price tag
CISA offers numerous recommendations on how organizations can improve their overall cyber security, but many of these guidelines relate to passwords.
If your organization isn’t quite ready to make such a large investment in cybersecurity, it’s a good idea to start with quantifiable metrics to see where your Active Directory is (or isn’t!) at risk. Gather your organization-specific cybersecurity metrics with a free, read-only Password Audit from Specops.
This scan will generate reports that demonstrate the effectiveness of your organization’s password policy and existing password security weaknesses. This free tool can also help you identify other vulnerabilities, such as accounts using passwords that are known to be cracked or passwords that do not adhere to compliance standards or industry best practices. Download Specops Password Auditor for free today.
