In December 2025, Carahsoft and Broadcom commissioned Forrester Consulting to survey 212 U.S. Government cybersecurity decision makers about the state of Public Sector security operations following the budget and headcount reductions of early 2025. What they found was a sector under sustained pressure, but also one actively searching for smarter, more resilient ways forward. The findings provide a candid assessment of where agencies stand today and the steps required to strengthen their cybersecurity posture in an era of constrained resources.

Budget Cybersecurity Gaps

Budget instability remains widespread, with 38% of agency budgets still classified as mostly or completely fiscally unstable. Another fifth of agencies reported no change since the initial cuts were enacted. The result is a cybersecurity landscape where teams are being asked to protect increasingly complex digital environments with fewer people, fewer tools and less financial runway than they had even a year ago. Over half of the respondents report that budget constraints have moderately or significantly impacted their ability to maintain core security operations. Perhaps most telling, just 38% of cybersecurity leaders express confidence in their agency’s security posture following headcount reductions.

The areas most exposed under current resource limitations are network security, data protection and incident response. Roughly a third of respondents also flagged concerns around endpoint security, visibility, analytics and compliance. For agencies already navigating a complex regulatory and threat environment, these vulnerabilities represent more than operational friction; they signal genuine risk to mission-critical systems and the sensitive data agencies are entrusted to protect. As leadership teams work to roadmap investments for the year ahead, two priorities have risen to the top: securing critical infrastructure against bad actors and integrating artificial intelligence (AI) and cybersecurity capabilities.  

Rising Breach Risk in a Leaner Environment

Understanding the current risk landscape is an essential first step toward addressing it effectively. 86% of respondents anticipate an increase in potential compromises or breaches in the coming year due to the recent staffing and funding reductions. More than a quarter expect breach numbers to climb by 1–10%, while over 20% anticipate increases of 30% or more. For agencies responsible for protecting sensitive Government data and public-facing services, this trajectory demands immediate strategic attention. The connection between resource reduction and elevated risk is already being experienced across teams, where reduced personnel have created measurable gaps in detection, response and remediation capacity.

The operational data reinforces this concern. 61% of respondents report that security incidents overall have increased in frequency, while 65% say their mean time to remediate (MTTR) has been negatively affected. Over half indicate their ability to secure technology and architecture delivery has also suffered. These are not isolated data points; they reflect a compounding effect where each unaddressed gap creates the conditions for the next. Agencies that do not act strategically in prioritizing their highest-risk exposure areas will face growing difficulty in maintaining the compliance posture and operational resilience their missions demand.

AI and Automation as Force Multipliers for Lean Teams

Amid the challenges, a clear opportunity is emerging. Agencies are increasingly recognizing that AI and automation are essential tools for maintaining security effectiveness when human capacity is stretched thin. 72% of respondents indicated openness to automation tools as a means of enhancing cybersecurity resilience. The top priority areas for automation adoption include incident response, network security, compliance and data protection, precisely the domains where resource gaps are most acute.

Forrester’s recommendations reinforce this direction. Leveraging AI to automate network traffic analysis, policy validation and alert triage allows teams to concentrate on high-confidence threats such as data exfiltration and lateral movement, rather than being consumed by manual tasks. Applied effectively, AI can help offset staffing shortfalls, reduce analyst burnout and preserve or even improve, mean time to investigate (MTTI) or MTTR metrics. Agencies that invest in AI-driven security tools now are not just responding to a short-term resource problem; they are building a more adaptive, scalable security model that can sustain performance through continued uncertainty. This is a strategic shift as much as a technical one, and cybersecurity leaders who embrace it early will be better positioned to protect their environments long-term.

Strategic Consolidation as the Path Forward

The data points toward a clear prescription: agencies must work smarter, not just harder, with the resources available to them.

On the investment side, respondents are focusing on limited resources where they will have the greatest impact: threat detection, incident response, network infrastructure modernization and process automation. Forrester recommends that agencies rationalize their security stack to eliminate overlapping capabilities, adopt consolidated platform solutions such as Endpoint Detection and Response (EDR) or unified network security platforms and reduce one-off tool purchases that contribute to sprawl and complexity. Critically, agencies should plan for sustained lean operations rather than assume a return to pre-2025 staffing or budget levels. Redesigning operating models around automation, risk prioritization and efficiency will be the defining factor for resilient agencies.

The findings from this Forrester study make one thing clear: the agencies that will emerge strongest from this period of constraint are those that treat resource limitations not as a barrier, but as a forcing function for smarter, more deliberate security strategy. By concentrating investments in high-risk areas, embracing AI and automation and consolidating their security stack, Government cybersecurity teams can build a leaner, more resilient security posture that holds up under pressure, today and in the years ahead.

Download the full study, “Smarter Security for Leaner Budgets and Teams” and join our webinar as experts and Government showcase the key findings in depth and discuss the path forward.

A commissioned study conducted by Forrester Consulting on behalf of Carahsoft and Broadcom, March 2026.