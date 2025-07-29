Public-sector organizations in the U.S. are adopting advanced cybersecurity solutions and services in response to a growing number of data breaches and evolving threats, according to a new research report published today by Information Services Group (ISG), a global AI-centered technology research and advisory firm.

The 2025 ISG Provider Lens Cybersecurity—Services and Solutions report for the U.S. Public Sector finds that agencies at the federal, state, and local levels face increasingly sophisticated attackers targeting critical infrastructure and citizen data. The constant battle to protect data and infrastructure further complicates the government’s digital transformation efforts, including the integration of AI-enabled systems.

“Public agencies need strong data protection strategies to continue delivering services and maintain public trust,” said Nathan Frey, ISG Partner and Lead, U.S. Public Sector. “They are working with providers to acquire and deploy effective security technologies and services.”

Organizations are starting to employ AI to enhance security even as threat actors are weaponizing it, the report says. AI can automate the discovery of vulnerabilities and create more evasive malware and convincing deepfakes for social engineering. At the same time, agencies are using AI tools to enhance threat detection and conduct predictive analysis. They are also taking steps to protect AI models and data from attacks, guided by government standards such as the NIST AI Risk Management Framework.

Risks to the public sector also arise from supply chain issues and the convergence of IT and OT systems, ISG says. The complex supply chains involved in government procurement come with vulnerabilities that require constant vendor risk management and monitoring. IT/OT convergence in critical energy, water, transportation, and defense infrastructure can be compromised to disrupt operations, putting the public at risk. An early notification system prevented a major ransomware attack against transportation infrastructure in the U.S. in 2023.

As agencies migrate to the cloud, they are deploying cloud security posture management and workload protection platforms to protect sensitive applications across distributed systems, the report says. Facing internal resource constraints, many are adopting managed detection and response services, which include continuous monitoring, threat hunting, expert-led incident response, and other capabilities.

Service providers play crucial roles in the U.S. public sector’s cybersecurity and resilience, ISG says. At a strategic level, they relate cyber risks to agency objectives, demonstrating return on investment. Providers also help agencies meet strict compliance requirements and augment internal teams in a sector that often struggles to attract and retain cybersecurity talent.

“Cybersecurity services are stepping up to meet increasing public-sector demands for resilience and governance,” said Gowtham Sampath, assistant director and principal analyst, ISG Provider Lens Research, and lead author of the report. “Providers enable clients to align security measures with agency goals and build effective defenses with limited resources.”

The report also explores global cybersecurity technology trends relevant to the U.S. public sector, including increasing adoption of Identity and Access Management (IAM), extended detection and response (XDR), and security service edge (SSE).

For more insights into the cybersecurity challenges facing U.S. public agencies, along with ISG’s advice for addressing them, see the ISG Provider Lens Focal Points briefing here.

The 2025 ISG Provider Lens Cybersecurity—Services and Solutions report for the U.S. Public Sector evaluates the capabilities of 86 providers across six quadrants: Identity and Access Management (Global), Extended Detection and Response (Global), Security Service Edge (Global), Technical Security Services, Strategic Security Services, and Next-Gen SOC/MDR Services.

The report names IBM as a Leader in five quadrants. It names Accenture, Capgemini, Deloitte, EY, HCLTech, and Infosys as Leaders in three quadrants each. Broadcom, Fortinet, KPMG, Microsoft, Palo Alto Networks, and Unisys are named as Leaders in two quadrants each. Cato Networks, Check Point Software, Cisco, CrowdStrike, CyberArk, Forcepoint, Leidos, ManageEngine, Netskope, Okta, One Identity (OneLogin), Ping Identity, SailPoint, Saviynt, SentinelOne, Trellix, Trend Micro, Versa Networks, and Zscaler are named as Leaders in one quadrant each.

In addition, Leidos is named as a Rising Star—a company with a “promising portfolio” and “high future potential” by ISG’s definition—in two quadrants. BeyondTrust, HPE (Aruba), Sophos, and Wipro are named as Leaders in one quadrant each.

In the area of customer experience, PwC is named the global ISG CX Star Performer for 2025 among cybersecurity service and solution providers. PwC earned the highest customer satisfaction scores in ISG's Voice of the Customer survey, part of the ISG Star of Excellence program, the premier quality recognition for the technology and business services industry.

A customized version of the report is available from Unisys.

The 2025 ISG Provider Lens Cybersecurity—Services and Solutions report for the U.S. Public Sector is available to subscribers or for one-time purchase on this webpage.