Rising Threats Trigger U.S. Public Sector Security Upgrades

Agencies deploy innovative tools to protect fledgling AI infrastructure, complex supply chains, distributed cloud architectures, ISG Provider Lens^® report says

STAMFORD, Conn.--(BUSINESS WIRE)-- Public-sector organizations in the U.S. are adopting advanced cybersecurity solutions and services in response to a growing number of data breaches and evolving threats, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a global AI-centered technology research and advisory firm.

The 2025 ISG Provider Lens^® Cybersecurity — Services and Solutions report for the U.S. Public Sector finds that agencies at the federal, state and local levels face increasingly sophisticated attackers targeting critical infrastructure and citizen data. The constant battle to protect data and infrastructure further complicates the government’s digital transformation efforts, including integration of AI-enabled systems.

“Public agencies need strong data protection strategies to continue delivering services and maintain public trust,” said Nathan Frey, ISG partner and lead, U.S. Public Sector. “They are working with providers to acquire and deploy effective security technologies and services.”

Organizations are starting to employ AI to enhance security even as threat actors are weaponizing it, the report says. AI can automate the discovery of vulnerabilities and create more evasive malware and convincing deepfakes for social engineering. At the same time, agencies are using AI tools to enhance threat detection and conduct predictive analysis. They are also taking steps to protect AI models and data from attacks, guided by government standards such as the NIST AI Risk Management Framework.

Risks to the public sector also arise from supply chain issues and the convergence of IT and OT systems, ISG says. The complex supply chains involved in government procurement come with vulnerabilities that require constant vendor risk management and monitoring. IT/OT convergence in critical energy, water, transportation and defense infrastructure can be compromised to disrupt operations, putting the public at risk. An early notification system prevented a major ransomware attack against transportation infrastructure in the U.S. in 2023.

As agencies migrate to the cloud, they are deploying cloud security posture management and workload protection platforms to protect sensitive applications across distributed systems, the report says. Facing internal resource constraints, many are adopting managed detection and response services, which include continuous monitoring, threat hunting, expert-led incident response and other capabilities.

Service providers play crucial roles in the U.S. public sector’s cybersecurity and resilience, ISG says. At a strategic level, they relate cyber risks to agency objectives, demonstrating return on investment. Providers also help agencies meet strict compliance requirements and augment internal teams in a sector that often struggles to attract and retain cybersecurity talent.

“Cybersecurity services are stepping up to meet increasing public-sector demands for resilience and governance,” said Gowtham Sampath, assistant director and principal analyst, ISG Provider Lens Research, and lead author of the report. “Providers enable clients to align security measures with agency goals and build effective defenses with limited resources.”

The report also explores global cybersecurity technology trends relevant to the U.S. public sector, including increasing adoption of Identity and Access Management (IAM), extended detection and response (XDR) and security service edge (SSE).

For more insights into the cybersecurity challenges facing U.S. public agencies, along with ISG’s advice for addressing them, see the ISG Provider Lens^® Focal Points briefing here.

The 2025 ISG Provider Lens^® Cybersecurity — Services and Solutions report for the U.S. Public Sector evaluates the capabilities of 86 providers across six quadrants: Identity and Access Management (Global), Extended Detection and Response (Global), Security Service Edge (Global), Technical Security Services, Strategic Security Services and Next-Gen SOC/MDR Services.

The report names IBM as a Leader in five quadrants. It names Accenture, Capgemini, Deloitte, EY, HCLTech and Infosys as Leaders in three quadrants each. Broadcom, Fortinet, KPMG, Microsoft, Palo Alto Networks and Unisys are named as Leaders in two quadrants each. Cato Networks, Check Point Software, Cisco, CrowdStrike, CyberArk, Forcepoint, Leidos, ManageEngine, Netskope, Okta, One Identity (OneLogin), Ping Identity, SailPoint, Saviynt, SentinelOne, Trellix, Trend Micro, Versa Networks and Zscaler are named as Leaders in one quadrant each.

In addition, Leidos is named as a Rising Star — a company with a “promising portfolio” and “high future potential” by ISG’s definition — in two quadrants. BeyondTrust, HPE (Aruba), Sophos and Wipro are named as Leaders in one quadrant each.

In the area of customer experience, PwC is named the global ISG CX Star Performer for 2025 among cybersecurity service and solution providers. PwC earned the highest customer satisfaction scores in ISG's Voice of the Customer survey, part of the ISG Star of Excellence™ program, the premier quality recognition for the technology and business services industry.

A customized version of the report is available from Unisys.

The 2025 ISG Provider Lens^® Cybersecurity — Services and Solutions report for the U.S. Public Sector is available to subscribers or for one-time purchase on this webpage.

About ISG Provider Lens^® Research

The ISG Provider Lens^® Quadrant research series is the only service provider evaluation of its kind to combine empirical, data-driven research and market analysis with the real-world experience and observations of ISG's global advisory team. Enterprises will find a wealth of detailed data and market analysis to help guide their selection of appropriate sourcing partners, while ISG advisors use the reports to validate their own market knowledge and make recommendations to ISG's enterprise clients. The research currently covers providers offering their services globally, across Europe, as well as in the U.S., Canada, Mexico, Brazil, the U.K., France, Benelux, Germany, Switzerland, the Nordics, Australia and Singapore/Malaysia, with additional markets to be added in the future. For more information about ISG Provider Lens research, please visit this webpage.

About ISG

ISG (Nasdaq: III) is a global AI-centered technology research and advisory firm. A trusted partner to more than 900 clients, including 75 of the world’s top 100 enterprises, ISG is a long-time leader in technology and business services that is now at the forefront of leveraging AI to help organizations achieve operational excellence and faster growth. The firm, founded in 2006, is known for its proprietary market data, in-depth knowledge of provider ecosystems, and the expertise of its 1,600 professionals worldwide working together to help clients maximize the value of their technology investments.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250728719204/en/

Press Contacts:

Laura Hupprich, ISG

+1 203 517 3132

laura.hupprich@isg-one.com

Julianna Sheridan, Matter Communications for ISG

+1 978-518-4520

isg@matternow.com

Source: Information Services Group, Inc.