The US federal government is spending billions annually on cybersecurity professionals. However, it lacks reliable data on how many are actually employed, according to a new Government Accountability Office (GAO) report. The findings raise concerns about staffing, oversight, and the nation’s cyber defense readiness.
GAO reviewed workforce data from 23 federal agencies (excluding the Pentagon) and found major inconsistencies:
- Agencies reported at least 63,934 full-time federal cybersecurity employees at a cost of $9.3 billion per year, plus 4,151 contractors costing another $5.2 billion.
- 22 of 23 agencies admitted they had only partial or no data on contractors.
- 19 agencies lacked quality assurance for workforce reporting, and 17 had no standardized criteria for defining a cybersecurity role.
The report also highlighted leadership gaps. The Office of the National Cyber Director (ONCD) has failed to provide clear guidance on workforce tracking. Meetings of the Federal Cyber Workforce working group were suspended in February, and it is not clear that they have resumed, despite the Senate’s August confirmation of Trump appointee Sean Cairncross as National Cyber Director. Cairncross, a lawyer with no prior cybersecurity leadership experience, now oversees federal workforce strategy.
GAO recommended ONCD take four urgent steps: address data gaps, improve reporting quality, standardize role definitions, and assess workforce effectiveness. The ONCD neither agreed nor disagreed but pointed to past Biden-era efforts, such as the 2023 National Cybersecurity Strategy, which aimed to improve workforce reporting.
Without accurate data, GAO warned, agencies risk making poor staffing and budget decisions at a time when cyber threats are accelerating. As one GAO spokesperson noted, “The federal government has historically struggled to manage this important subset of technology workers.”
Source:
https://www.theregister.com/2025/09/08/us_govt_lacks_clarity_infosec_workforce/

