Only 1 in 3 Government Cybersecurity Programs Are Fully Funded, the 2026 Cybersecurity Readiness in Government Survey Reveals
417 federal, state, and local practitioners reveal where public-sector cybersecurity programs are succeeding and where they are falling short.
Bethesda, MD, May 27, 2026 (GLOBE NEWSWIRE) -- The 2026 Cybersecurity Readiness in Government Survey from SANS Institute finds that adequate cybersecurity funding is the exception across public-sector agencies, with resource and workforce gaps preventing most from reaching full operational maturity. 63% cite budget limitations as their primary obstacle, and security leaders make hard trade-offs on which risks to address.
Outdated infrastructure, disconnected systems, and slow procurement processes prevent full integration of existing security tools across government environments, leaving organizations with multiple independent security measures in place of a coordinated defense.
“Converting governance into working capability is where efforts stall,” said Ryan Nicholson, SANS Senior Instructor. “Funding shortfalls and workforce constraints are the specific pressure points keeping teams from closing that gap.”
The survey points to a consistent pattern: strategic planning is no longer the bottleneck. Security teams that have spent years building policy frameworks are running into execution capacity as the limiting factor, with budget pressure and staffing limitations determining how much of what is planned actually gets done.
More than half of respondent's report difficulty recruiting and retaining qualified professionals. Staff training and awareness (41%) and threat detection and response (40%) are the functions they identify as most resource-constrained; the two capabilities most central to whether a security program holds up in practice.
55% of organizations report a fully implemented strategy, but only 22% rate themselves as capable of executing it at scale. The gap between having a plan and having the capacity to act on it is where most programs stall.
“The path from mid-stage maturity to fully capable security teams runs through workforce development, automation, and technology integration,” Nicholson said. “This survey gives security leaders a clear picture of where they stand and what the data says to focus on next.”
The findings will be presented during the 2026 Cybersecurity Readiness in Government Survey webcast on Wednesday, May 28, 2026, at 10:00 AM EDT.
Register to attend and download the report here.
Jenn Elston SANS Institute 301-654-7267 jelston@sans.org
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
