Federal cybersecurity spending will decline in 2027 under Donald Trump’s proposed budget, with uneven shifts across agencies, as some see sizable increases while others face sharp reductions.
According to the Office of Management and Budget (OMB) crosscut tables released with Trump’s budget, civilian federal cybersecurity spending is expected to fall from $12.455 billion in 2026 to $12.228 billion in 2027, a drop of roughly $227 million. The decrease comes despite targeted increases for some agencies, reflecting uneven changes across the federal cyber landscape rather than a uniform pullback.
The proposed decline follows last year’s budget cycle in which earlier proposed cuts were partially reversed by Congress. Trump’s 2026 budget request last year called for nearly $1 billion in cybersecurity cuts, including steep reductions at the Cybersecurity and Infrastructure Security Agency (CISA).
Congressional appropriators ultimately softened many of those reductions, restoring funding in key areas and preventing a deeper contraction by, for example, restoring $361 million in CISA’s 2026 budget out of the $495 million spending cut that the administration had requested for that agency alone.
Winners: DOJ and State see the largest increases
The biggest beneficiary in the 2027 budget is the Department of Justice, which would see its cyber funding rise by $312 million, or 33%, to $1.27 billion. The increase stands out as the largest single gain across civilian agencies.
The State Department is another major gainer, with a $174 million, or 27% increase to $809 million. The increase aligns with an expanded focus on cyber and emerging technologies, including the department’s new Bureau of Emerging Threats, which is aimed at addressing cyberattacks and risks tied to technologies such as artificial intelligence.
Other agencies seeing increases include:
- Department of Transportation: +$60 million (+11%)
- Department of Commerce: +$38 million (+10%)
- Department of Housing and Urban Development: +$17 million (+10%)
- Department of Energy: +$11 million (+12%)
Figure 1- Top gainers in Trump’s 2027 budget. Compilation from OMB cross-cut tables.
CSO
Several smaller agencies, including the EPA, Department of Education, Tennessee Valley Authority, Federal Mine Safety and Health Review Commission, and the US Army Corps of Engineers, also stand to post modest gains under the 2027 budget.
Losers: DHS, VA, and research programs face cuts
The largest 2027 budget cut falls on the Department of Homeland Security, where cyber spending would decline by $222 million or 7% to $3.05 billion. DHS remains the government’s largest civilian cyber spender, but the decrease is driven largely by cuts to CISA.
Other notable reductions include:
- Department of Veterans Affairs: -$165 million (-13%)
- National Science Foundation: -$132 million (-50%)
- Department of Health and Human Services: -$94 million (-10%)
- Department of the Treasury: -$80 million (-10%)
Several independent regulatory agencies, including the Securities and Exchange Commission and Federal Communications Commission, would also inexplicably see their cyber spending reduced to zero in the 2027 proposal. Both the SEC and FCC have been flashpoints for the Trump administration.
The SEC under the previous administration pursued aggressive cybersecurity disclosure rules for public companies, which were unpopular with some corporate stakeholders. The elimination of cyber funding at both agencies raises questions about how those responsibilities would be carried out under the proposal.
The reduction at the National Science Foundation (NSF) is particularly sharp, cutting roughly half of its cyber funding and reflecting a broader effort to reduce the agency’s overall budget. NSF plays a central role in funding academic cybersecurity research, supporting the development of the future cyber workforce, and advancing foundational security technologies, meaning the cuts could have long-term implications that extend well beyond immediate federal operations.
Although not reflected in the crosscut tables, even the White House’s Office of the National Cyber Director (ONCD) is slated to face spending cuts under the 2027 budget.Under the full 1,300-page administration budget, the ONCD is expected to see its budget trimmed by around $3 million, or 18%, to $17 million.
Figure 2- Biggest losers under Trump’s 2027 budget, compilation from OMB crosscut tables.
CSO
CISA: Deeper cuts, ongoing instability
The proposed reductions at CISA extend beyond the topline numbers reflected in the OMB tables.
The budget calls for a $707 million reduction to CISA, described as an effort to refocus the agency on core missions such as Federal network defense and critical infrastructure security while eliminating programs and offices the administration characterizes as duplicative or outside its primary scope, including certain external engagement and misinformation-related activities. The rationale echoes longstanding political criticism of CISA’s past work on misinformation, although the agency has already wound down those efforts.
The 2027 budget is expected to significantly reduce the agency’s workforce, adding to concerns about operational capacity, by eliminating 120 of the agency’s stakeholder engagement program’s 145 positions and cutting the program’s funding by more than $50 million.
The Stakeholder Engagement Division (SED) at CISA leads national and international voluntary partnerships and engagements for information sharing and collaboration.
The FY 2027 budget request said the cuts would eliminate SED’s council management offices, stakeholder engagement activities and offices, and the international affairs external engagement offices. CISA also said it would eliminate 867 agency positions, representing about 766 full-time equivalent employees, from its current staffing level of 3,732 positions.
Reduced cyber spending even as threats grow
The 2027 proposal reduces total federal cyber spending even as threats from nation-state actors and criminal groups continue to advance in their sophistication and level of threat.
“By decreasing spending on cybersecurity at a time when the threats in cybersecurity are accelerating, from both nation-state adversaries and criminal organizations, you’re choosing to increase the nation’s risk,” Michael Daniel, president of the Cybersecurity Threat Alliance, told CSO.
Daniel added that the effects of underinvestment can build over time. “If you underinvest in cybersecurity, it’s one of those issues that tends to compound over the long term. Playing catch-up is always harder than making the investments upfront.”
Lawmakers are also signaling scrutiny of the proposed cuts. House Homeland Security Committee Chairman Andrew Garbarino (R-NY) said in a statement sent to CSO that “CISA has a vital role in fulfilling DHS’s core mission, one that I continue to strongly support,” adding that Congress “has a responsibility to ensure the agency has the resources it needs to succeed.”
The key takeaway for enterprises is that the reduced spending, particularly at CISA, means fewer federal resources available to assist in developing defenses and fending off threats. The upshot is that the implicit expectation that the federal government would serve as an ever-meaningful partner in private sector cyber defense is now structurally weakening.
Enterprise budgets and strategies that assumed a strong private-public sector partnership on cybersecurity likely need revisiting. At a minimum, organizations should consider auditing their CISA dependencies, accelerating private threat intel relationships, and revisiting compliance assumptions around SEC enforcement.
CTA’s Daniel echoes those thoughts in warning that the reduced resources at CISA and elsewhere mean “the federal government’s ability to support and interact with the private sector is going to be reduced. Even if you want to do regulatory reform and you want to reduce the regulatory burden on private sector companies, you still need people there to do the analysis to figure out how to make those changes.”