Recent shifts in US federal cybersecurity efforts, most notably cuts to key CISA programs and the disbanding of the Cyber Safety Review Board, are having an impact beyond Washington according to a new report.
Security automation company Swimlane surveyed 500 IT and security decision-makers across the US and UK The findings show how private-sector leaders are now shouldering greater responsibility for resilience, investment and public‑private coordination.
The findings show 85 percent of security teams have experienced budget or resource-related changes in the past six months as the government looks at ways to reduce spending.
“While the traditional backbone of intelligence sharing, incident coordination and funding has evolved, security professionals are stepping up to bridge the gaps and drive innovative solutions,” says Michael Lyborg, CISO at Swimlane. “The result is increased exposure to risk, diminished threat visibility and mounting strain on already overstretched security operations. In this new era, private organizations must be prepared to stand alone and prioritize proactive, scalable defenses to stay ahead of increasingly sophisticated threats.”
There’s a loss of confidence in public/private sector coordination, 81 percent believe it will hinder threat intelligence sharing, 86 percent warn that disbanding the Cyber Safety Review Board will disrupt post-incident coordination and 79 percent say federal defunding has increased overall cyber risk.
In addition 63 percent of respondents say recent or anticipated cuts are affecting team structure and staffing plans. Nearly half (46 percent) report reducing their planned security investments for 2025 due to ongoing federal funding instability. 85 percent of organizations have faced budget or resource cuts in the past six months. The top impacts include increased workloads without added support (52 percent), team restructuring (48 percent) and reduced capacity for detection and monitoring (41 percent).
As federal support reduces 91 percent of organizations say they have taken new steps to protect operational resilience. Over half (54 percent) have developed internal cybersecurity frameworks independent of government guidance.
The implications extend beyond the US too, 79 percent of UK respondents say growing US cybersecurity instability has made them more cautious with US-based vendors. As a result, 43 percent have reassessed existing partnerships and 29 percent have delayed or canceled contracts.
“As many seasoned cybersecurity professionals will tell you, this industry runs in cycles of reaction, regulation, retrenchment and reinvestment,” says Cody Cornell, co-founder and chief strategy officer of Swimlane. “Right now, we’re in a period of reorganization and a changing regulatory environment. But in the face of shrinking federal support, most organizations aren’t standing still. They’re adapting, taking ownership of their resilience strategies and building internal frameworks to maintain readiness, no matter what’s happening in Washington. This isn’t just about surviving the current climate. It’s about redefining what resilient security leadership looks like moving forward.”
You can get the full report from the Swimlane site and register for a webinar to discuss the findings on September 18th at 12:30pm ET.
Image credit: belchonock/depositphotos.com
