OMB: Cyber Workforce: Actions Needs to Improve Size and Cost Data - Could not accurately identify the size and cost of their cyber workforce
Sept 04, 2025
Fast Facts
A key component of the government’s ability to deal with cyber threats is a right-sized and effective federal and contractor cyber workforce.
To plan well, agencies need to accurately track their cyber workforce resources. They must also evaluate their efforts to build and maintain cyber workforces.
However, most of the 23 agencies in our review couldn’t tell us the size and cost of their cyber workforce. Their tallies of at least 63,934 federal and 4,151 contractor staff at an annual cost of $14.6 billion were incomplete.
Recommendations
GAO is making four recommendations to ONCD to address workforce data gaps, quality assurance, cyber staff identification, and efforts to assess effectiveness. ONCD neither agreed nor disagreed with the recommendations.
Recommendations for Executive Action
The National Cyber Director, in collaboration with OMB and other federal agencies as appropriate, should expeditiously take steps to address gaps in cyber workforce size and cost data used by agency-level CIOs and CHCOs. (Recommendation 1)
The National Cyber Director, in collaboration with OMB and other federal agencies as appropriate, should expeditiously take steps to address the lack of documented quality assurance processes in cyber workforce data used by agency-level CIOs and CHCOs. (Recommendation 2)
The National Cyber Director, in collaboration with OMB and other federal agencies as appropriate, should expeditiously take steps to address variances in identifying cyber personnel in cyber workforce data used by agency-level CIOs and CHCOs. (Recommendation 3)
The National Cyber Director, in collaboration with OMB and other entities as appropriate, should direct federal agencies to assess the effectiveness of agency-specific cyber workforce initiatives using costs, benefits, performance, and other relevant metrics. (Recommendation 4
What GAO Found
The federal cyber workforce consists of federal employees and contractors who perform IT, cybersecurity, and cyber-related functions. Federal guidance from the Office of Management and Budget (OMB) and Office of Personnel Management (OPM) call for having quality workforce data at the agency-level. In its 2023 cyber workforce strategy, the Office of the National Cyber Director (ONCD) also emphasized the importance of high-quality data for workforce management.
However, most agencies did not have quality information on their component-level and contractor cyber workforce. As a result, they could not accurately identify the size and cost of their cyber workforce. Using information readily available to agency-level offices, agencies reported at least 63,934 federal and 4,151 contractor staff at an annual cost of at least $9.3 billion and $5.2 billion, respectively, as of April 2024. However, these amounts are incomplete and unreliable and do not reflect the full size and cost of the cyber workforce.
A significant gap is that 22 of the 23 agencies reported partial or no data on their contractor cyber workforce. Further, 19 of 23 agencies did not have a documented quality assurance process to ensure accurate data. Also, 17 of 23 agencies lacked standardized procedures for identifying cyber employees. Until ONCD addresses these factors, it cannot ensure that agencies will have the information needed to support workforce decisions. This is especially important during administration transitions when new leadership needs assurance that the federal government is prepared and cyber-ready.
Twenty-two of the 23 agencies reported using various initiatives to help strengthen their federal cyber workforce through hiring/recruiting, reskilling/training, and retention efforts.
About www.capitalreps.com
