U.S. Public Sector Races to Fend Off New Security Threats

Rhea-AI Summary

Information Services Group (ISG) (Nasdaq: III) has released a report highlighting the cybersecurity challenges faced by U.S. public sector agencies. The 2024 ISG Provider Lens™ Cybersecurity report reveals that state, local, and educational (SLED) organizations are highly vulnerable to evolving cybercrime techniques, despite significant government spending on cybersecurity.

Key findings include:

• A $400 million federal grant program for state and local agencies
• Expected increase in training investments
• Growing demand for third-party cybersecurity services
• Adoption of Generative AI (GenAI) platforms with associated risks
• Investments in extended detection and response (XDR) and security service edge (SSE)
• Shift towards zero-trust approaches and AI-powered automated responses

The report evaluates 77 providers across six quadrants, naming several Leaders in multiple categories.

Positive

• $400 million federal grant program for state and local agencies' cybersecurity
• Expected growth in demand for third-party cybersecurity services
• Adoption of advanced technologies like GenAI, XDR, and SSE by public agencies
• Shift towards zero-trust approaches and AI-powered automated responses

Negative

• SLED organizations highly vulnerable to evolving cybercrime techniques
• Agencies constrained by budget and hiring limitations for cybersecurity
• Risks associated with new technologies like GenAI not yet fully known
• Complexity of managing multiple cybersecurity systems

Insights

Cybersecurity Expert

The U.S. public sector's cybersecurity landscape is undergoing a significant transformation, driven by the escalating sophistication of cyber threats. This shift presents both challenges and opportunities for agencies and cybersecurity providers alike.

The $400 million federal grant program for state and local agencies underscores the government's recognition of the critical nature of this issue. However, the varying levels of preparedness among SLED (State, Local and Educational) organizations highlight a concerning disparity in cyber resilience across the public sector.

The adoption of advanced technologies like Extended Detection and Response (XDR) and Security Service Edge (SSE) by some agencies is a step in the right direction. These tools offer a more holistic approach to security, helping to streamline complex cybersecurity systems and improve overall defense posture.

The growing interest in AI-powered tools for automating incident responses is particularly noteworthy. This trend aligns with the broader industry move towards intelligent automation in cybersecurity, which is important given the scarcity of skilled cybersecurity professionals.

The potential adoption of Generative AI (GenAI) platforms by SLED organizations in the coming years is a double-edged sword. While it promises to enhance service delivery and data insights, it also introduces new, not fully understood risks. Agencies will need to carefully balance the benefits against the potential security implications.

Overall, the U.S. public sector is at a critical juncture in its cybersecurity journey. The increasing demand for third-party cybersecurity services and the push towards zero-trust architectures indicate a sector in transition, striving to bolster its defenses against an ever-evolving threat landscape.

Government Technology Analyst

The ISG Provider Lens™ report highlights a important challenge facing the U.S. public sector: the need to continuously update cybersecurity defenses in the face of budget constraints and evolving technologies. This situation is creating a significant market opportunity for cybersecurity solution providers.

The report's findings suggest a growing market for cybersecurity training programs. With the recognition that all public employees who work with data or technology need to be aware of cybersecurity and governance requirements, we can expect to see increased investment in this area over the next few years. This trend could benefit companies specializing in cybersecurity education and awareness training.

The anticipated adoption of Generative AI (GenAI) platforms by SLED organizations is particularly intriguing. While GenAI offers potential benefits in service optimization and data analysis, it also introduces new security challenges. This creates a dual opportunity for AI solution providers and cybersecurity firms to collaborate on secure GenAI implementations tailored for the public sector.

The report also indicates a shift towards more integrated and automated security solutions, such as XDR and SSE. This trend favors providers offering comprehensive, easy-to-manage security platforms over point solutions. Companies like IBM, named as a Leader in five quadrants, are well-positioned to capitalize on this trend.

Lastly, the increasing interest in zero-trust architectures, partly driven by regulatory mandates, suggests a growing market for solutions that can help agencies implement and manage zero-trust environments. This could be a key area of focus for cybersecurity providers looking to expand their public sector business.

Agencies face constant need to update cybersecurity defenses for evolving technologies despite tight budgets, ISG Provider Lens™ report says

STAMFORD, Conn.--(BUSINESS WIRE)-- Public agencies in the U.S. are in a cybersecurity arms race to defend systems and data from increasingly sophisticated attacks, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a leading global technology research and advisory firm.

The 2024 ISG Provider Lens™ Cybersecurity — Solutions and Services report for the U.S. Public Sector finds that many state, local and educational (SLED) organizations are highly vulnerable to evolving cybercrime techniques and can become vectors for attacks on larger agencies. SLED enterprises vary widely in terms of risk, staff training and preparedness despite significant government spending on cybersecurity, including a $400 million federal grant program for state and local agencies.

“Agencies need to make significant investments just to stay current on cybersecurity,” said Nathan Frey, partner and lead, ISG Public Sector, for the U.S. “As threats grow, they are constantly challenged to provide an adequate defense while constrained by budget and hiring limitations.”

The sector is expected to invest more in training over the next few years, because all public employees who work with data or technology need to be aware of cybersecurity and governance requirements, the report says. As agencies adopt new technologies, they will also need tools to prevent these from being exploited. Demand for third-party cybersecurity services is expected to grow significantly.

In the coming years, SLED organizations are likely to adopt Generative AI (GenAI) platforms to help them optimize service delivery to constituents and derive new insights from data, ISG says. The risks that come with GenAI are not yet fully known, so agencies will need to choose platforms carefully and update their defenses to make sure the technology delivers a net benefit.

Some public agencies taking a holistic approach to security are investing in extended detection and response (XDR) and security service edge (SSE), ISG says. By correlating data from multiple security layers and enforcing common security policies across all endpoints and applications, these tools can help organizations rein in the complexity of multiple cybersecurity systems.

Like commercial enterprises, U.S. public-sector agencies want simpler and more flexible cyber defenses, the report says. Many are adopting a zero-trust approach to lock down access to critical infrastructure, sometimes due to regulatory mandates. The sector is also growing more interested in AI tools that automate responses to security incidents, reducing human effort and the need for training.

“Automation will be essential for defending both public agencies and private enterprises,” said Jan Erik Aase, partner and global leader, ISG Provider Lens Research. “Threats are proliferating, and cybersecurity skills are scarce.”

The report also explores other trends affecting cybersecurity in the U.S. public sector, including internal security threats and integration issues raised by consolidation among providers.

For more insights into the cybersecurity challenges faced by U.S. public agencies, including establishing ownership of cybersecurity responsibilities and convincing constituents their data is safe, plus ISG’s advice on these issues, see the ISG Provider Lens™ Focal Points briefing here.

The 2024 ISG Provider Lens™ Cybersecurity — Solutions and Services report for the U.S. Public Sector evaluates the capabilities of 77 providers across six quadrants: Identity and Access Management, Extended Detection and Response, Security Service Edge, Technical Security Services, Strategic Security Services and Managed Security Services — SOC.

The report names IBM as a Leader in five quadrants. It names Accenture, Capgemini, Deloitte, EY and Infosys as Leaders in three quadrants each. Broadcom, HCLTech, KPMG, Microsoft, Palo Alto Networks and Verizon Business are named as Leaders in two quadrants each. Cato Networks, Cisco, CrowdStrike, Eviden, Forcepoint, Fortinet, Leidos, ManageEngine, Netskope, Okta, RSA, SailPoint, SentinelOne, Trend Micro, Unisys, Versa Networks and Zscaler are named as Leaders in one quadrant each.

In addition, HCLTech, Ping Identity, Skyhigh Security, TCS, Trellix and Wipro are named as Rising Stars — companies with a “promising portfolio” and “high future potential” by ISG’s definition — in one quadrant each.

In the area of customer experience, Zensar Technologies is named the global ISG CX Star Performer for 2024 among cybersecurity providers. Zensar Technologies earned the highest customer satisfaction scores in ISG's Voice of the Customer survey, part of the ISG Star of Excellence™ program, the premier quality recognition for the technology and business services industry.

A customized version of the report is available from IBM.

The 2024 ISG Provider Lens™ Cybersecurity — Solutions and Services report for the U.S. Public Sector is available to subscribers or for one-time purchase on this webpage.

About ISG Provider Lens™ Research

The ISG Provider Lens™ Quadrant research series is the only service provider evaluation of its kind to combine empirical, data-driven research and market analysis with the real-world experience and observations of ISG's global advisory team. Enterprises will find a wealth of detailed data and market analysis to help guide their selection of appropriate sourcing partners, while ISG advisors use the reports to validate their own market knowledge and make recommendations to ISG's enterprise clients. The research currently covers providers offering their services globally, across Europe, as well as in the U.S., Canada, Mexico, Brazil, the U.K., France, Benelux, Germany, Switzerland, the Nordics, Australia and Singapore/Malaysia, with additional markets to be added in the future. For more information about ISG Provider Lens research, please visit this webpage.

About ISG

ISG (Information Services Group) (Nasdaq: III) is a leading global technology research and advisory firm. A trusted business partner to more than 900 clients, including more than 75 of the world’s top 100 enterprises, ISG is committed to helping corporations, public sector organizations, and service and technology providers achieve operational excellence and faster growth. The firm specializes in digital transformation services, including AI and automation, cloud and data analytics; sourcing advisory; managed governance and risk services; network carrier services; strategy and operations design; change management; market intelligence and technology research and analysis. Founded in 2006, and based in Stamford, Conn., ISG employs more than 1,600 digital-ready professionals operating in more than 20 countries—a global team known for its innovative thinking, market influence, deep industry and technology expertise, and world-class research and analytical capabilities based on the industry’s most comprehensive marketplace data. For more information, visit www.isg-one.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240801840577/en/

Press Contacts:

Will Thoretz, ISG

+1 203 517 3119

will.thoretz@isg-one.com

Julianna Sheridan, Matter Communications for ISG

+1 978-518-4520

isg@matternow.com

Source: Information Services Group, Inc.

FAQ

What are the main cybersecurity challenges for U.S. public sector agencies in 2024?

According to the ISG report, U.S. public sector agencies face challenges such as evolving cybercrime techniques, budget constraints, hiring limitations, and the need to update defenses for new technologies like GenAI. SLED organizations are particularly vulnerable and can become vectors for attacks on larger agencies.

How much is the federal grant program for state and local agencies' cybersecurity?

The ISG report mentions a $400 million federal grant program for state and local agencies to improve their cybersecurity defenses.

What cybersecurity technologies are U.S. public agencies adopting according to the ISG report?

The report indicates that U.S. public agencies are adopting technologies such as Generative AI (GenAI), extended detection and response (XDR), security service edge (SSE), zero-trust approaches, and AI-powered automated response tools.

How does ISG (Nasdaq: III) evaluate cybersecurity providers in their 2024 report?

ISG evaluates 77 cybersecurity providers across six quadrants: Identity and Access Management, Extended Detection and Response, Security Service Edge, Technical Security Services, Strategic Security Services, and Managed Security Services - SOC. The report names Leaders in each category based on their capabilities.