The 2020 Deltek Clarity Government Contracting Study revealed that the optimism expressed for industry growth prior to the COVID-19 pandemic continues with companies’ expectations for 2021. And one of the main focus areas of growth was cybersecurity. Cybersecurity became a key focal point as the workforce became more remote and relied on the networks differently.
While the focus on securing companies’ networks remained high, at the same time, companies are investing in efforts to leverage big data to improve insights and inform strategic decisions. Companies that do this well in the shortest amount of time will stand out against their competition. And even though smaller companies seem to be at a disadvantage, as they are less likely to lean into tech trends, overall smaller companies have narrowed their focus on big data and data science.
CYbersecurity Gets a REturn on Investment
The rate of cybersecurity incidents leveled off in 2020, showing that the investments in cybersecurity are starting to show positive returns. The biggest investment was focused around security and authentication. Both of these aspects of technology were crucial to sustaining a remote workforce and maintaining compliance.
By a wide margin, viruses continue to be the main problem experienced as a security challenge. Virus incidents rose to 44% from 32% the previous year. Security investments helped prevent an increase in data breaches, with only 13% of respondents reporting they experience one or more data breaches. And 39% of businesses indicated they had no security challenges. Researchers are curious to see if this trend toward no security issues continues.
CMMC on the Horizon
But cybersecurity will continue to be a focus for companies not only because of the shift in how companies work and how their workforce operates. But also, because important security regulations are on the horizon. The Department of Defense (DoD) released requirements for Cybersecurity Maturity Model Certification (CMMC). All companies that do business with DoD will have to certify their CMMC by October 1, 2025. This will have a huge impact on companies that work with DoD since it will serve as a go/no go decision in contract awards.
Sixty percent of study respondents indicated they have performed an assessment of the controls, policies, and procedures required to meet CMMC requirements, which will start on select contracts in 2021 and all contractors must comply by 2025. But surprisingly, more than twenty percent of respondents indicated they are either unaware of or uncertain about this new certification requirement.
There are five levels of certification required for CMMC. And of the companies that were already actively working toward certification, the biggest trouble point for companies was Level 3 certification at 39% of companies working toward certification aware of issues. Level 3 certification closely aligns with NIST 800-171 requirements for handling controlled unclassified information (CUI). Level 3 certification requires companies to be assessed on their ability to demonstrate all the practices to address Level 1, 2, and 3. Nearly half of the companies who are intending to comply with CMMC intend to do so within the next 12 months. Another 12% of companies expect to comply within two years.
Cloud migration does not seem to have been impacted by the pandemic. More than 50% of business applications are now in the cloud. But one-third of business applications still remain on premises.
Brighter Future Ahead
The study found that government contractors were overall successful in a challenging year. They maintained a keen focus on the fundamentals, business continuity, and meeting customers’ needs. The future outlook is bright as revenues are expected to grow and the effects of the pandemic hopefully recede.