Public agencies in the U.S. are in a cybersecurity arms race to defend systems and data from increasingly sophisticated attacks, according to a new research report published today by Information Services Group (ISG).
The 2024 ISG Provider Lens Cybersecurity — Solutions and Services report for the U.S. Public Sector finds that many state, local and educational (SLED) organizations are highly vulnerable to evolving cybercrime techniques and can become vectors for attacks on larger agencies. SLED enterprises vary widely in terms of risk, staff training and preparedness despite significant government spending on cybersecurity, including a $400 million federal grant program for state and local agencies.
“Agencies need to make significant investments just to stay current on cybersecurity,” said Nathan Frey, partner and lead, ISG Public Sector, for the U.S. “As threats grow, they are constantly challenged to provide an adequate defense while constrained by budget and hiring limitations.”
The sector is expected to invest more in training over the next few years, because all public employees who work with data or technology need to be aware of cybersecurity and governance requirements, the report says. As agencies adopt new technologies, they will also need tools to prevent these from being exploited. Demand for third-party cybersecurity services is expected to grow significantly.
In the coming years, SLED organizations are likely to adopt Generative AI (GenAI) platforms to help them optimize service delivery to constituents and derive new insights from data, ISG says. The risks that come with GenAI are not yet fully known, so agencies will need to choose platforms carefully and update their defenses to make sure the technology delivers a net benefit.
Some public agencies taking a holistic approach to security are investing in extended detection and response (XDR) and security service edge (SSE), ISG says. By correlating data from multiple security layers and enforcing common security policies across all endpoints and applications, these tools can help organizations rein in the complexity of multiple cybersecurity systems.
Like commercial enterprises, U.S. public-sector agencies want simpler and more flexible cyber defenses, the report says. Many are adopting a zero-trust approach to lock down access to critical infrastructure, sometimes due to regulatory mandates. The sector is also growing more interested in AI tools that automate responses to security incidents, reducing human effort and the need for training.
“Automation will be essential for defending both public agencies and private enterprises,” said Jan Erik Aase, partner and global leader, ISG Provider Lens Research. “Threats are proliferating, and cybersecurity skills are scarce.”
The report also explores other trends affecting cybersecurity in the U.S. public sector, including internal security threats and integration issues raised by consolidation among providers.
For more insights into the cybersecurity challenges faced by U.S. public agencies, including establishing ownership of cybersecurity responsibilities and convincing constituents their data is safe, plus ISG’s advice on these issues, see the ISG Provider Lens Focal Points briefing here.
The 2024 ISG Provider Lens Cybersecurity — Solutions and Services report for the U.S. Public Sector evaluates the capabilities of 77 providers across six quadrants: Identity and Access Management, Extended Detection and Response, Security Service Edge, Technical Security Services, Strategic Security Services and Managed Security Services — SOC.
The report names IBM as a Leader in five quadrants. It names Accenture, Capgemini, Deloitte, EY and Infosys as Leaders in three quadrants each. Broadcom, HCLTech, KPMG, Microsoft, Palo Alto Networks and Verizon Business are named as Leaders in two quadrants each. Cato Networks, Cisco, CrowdStrike, Eviden, Forcepoint, Fortinet, Leidos, ManageEngine, Netskope, Okta, RSA, SailPoint, SentinelOne, Trend Micro, Unisys, Versa Networks and Zscaler are named as Leaders in one quadrant each.
In addition, HCLTech, Ping Identity, Skyhigh Security, TCS, Trellix and Wipro are named as Rising Stars — companies with a “promising portfolio” and “high future potential” by ISG’s definition — in one quadrant each.
In the area of customer experience, Zensar Technologies is named the global ISG CX Star Performer for 2024 among cybersecurity providers. Zensar Technologies earned the highest customer satisfaction scores in ISG's Voice of the Customer survey, part of the ISG Star of Excellence program.
A customized version of the report is available from IBM.
The 2024 ISG Provider Lens Cybersecurity — Solutions and Services report for the U.S. Public Sector is available to subscribers or for one-time purchase on this webpage.