Cybersecurity isn’t just protecting machines—it’s protecting the people behind them. Cybersecurity Awareness Month (CSAM) reminds us that safeguarding sensitive information isn’t just about technology; it’s about policy, funding, and mission continuity.
Recent funding cuts and policy changes have created a perfect storm: organizations are being asked to do more with less, while cyber threats keep building. For any organization relying on government funding, any disruption can have cascading effects on service delivery, finances, and trust. And that disruption can come just as easily from funding insecurity as from a security breach.
The Funding Squeeze and Its Cybersecurity Consequences
The funding squeeze is impacting cybersecurity directly as federal programs are affected. For example, the Cybersecurity and Infrastructure Security Agency (CISA, which has historically served as a clearinghouse for cybersecurity information sharing for both the government and private sector) has seen proposed budget reductions of as much as 17% ($491 million) and a reduction of 1,000 staff (RIMS, 2025).
Beyond such proposed cuts, the recent government shutdown has also resulted in cascading effects for cybersecurity (WPN, 2025). The cessation of so many critical cybersecurity-related organizations and projects has not only immediately impacted the cybersecurity profession but also rippled across most industries. Even worse, a prolonged shutdown poses a threat to a wide range of essential information-security-related services and increases the risk to national infrastructure.
How does this impact us in the commercial sector? Let’s look at some of the possible impacts:
Shrinking Budgets, Growing Threats
When funding gets less secure, hiring is chilled. Technology upgrades get delayed. IT teams face strain and reduced resources. All of this creates an attractive environment for cyber threats.
Building Pressure on Legacy Systems
Without regular upgrades, legacy systems get outdated, making them more vulnerable, and people are already paying the price. For example:
- Rhode Island: The RIBridges benefits system (Medicaid, SNAP) was brought down by a cyberattack, and sensitive information was exposed (The Verge, 2024).
- Georgia Medicaid Contractor: Billing and service data for over 900 recipients were exposed through inadequate access controls (Metro Atlanta CEO, 2025).
Compliance Costs
HIPAA and state privacy laws remain strict, even as funding for compliance, audits, and IT security is cut. The cost for HIPAA violations can be steep, and after recent changes could be as much as $2 million annually (HIPAA, 2025).
Mission at Risk
Budget pressures can force a choice between frontline services and secure infrastructure, putting both at risk.
Cybersecurity Cannot Be Deferred
Unfortunately, cybersecurity threat actors are a real and present danger to healthcare; the crippling of the funds and services that support us has direct impacts across the cybersecurity ecosystem. This was made apparent during the Change Healthcare Incident (2024–2025), where a breach disrupted Medicaid claims processing nationwide. The Centers for Medicare & Medicaid Services (CMS) allowed interim payments to states, but this showed how vendor disruptions ripple financially and operationally (CMS, 2025).
The same is true when we experience cuts to cybersecurity support programs. Federal reductions to programs like CISA and the Information Sharing and Analysis Centers (ISACs, with sector-specific arms [e.g., H-ISAC]) leave nonprofits and government agencies without critical guidance and shared threat intelligence (Times Union, 2025).
These examples demonstrate that policy and funding pressures directly increase vulnerability to cyber threats at our doorsteps.
Practical Steps for Resource-Constrained Agencies
The real question is: what do we do about this? Fortunately, there are some best practices we can follow to help protect ourselves during these uncertain times:
- Adopt secure case management systems with encryption, audit trails, and role-based access.
- Train staff regularly on phishing, data handling, and security awareness.
- Conduct audits to catch vulnerabilities early.
- Partner with cybersecurity-savvy vendors who understand nonprofit/government needs.
- Leverage grants and targeted funding to upgrade tech and security wherever possible.
The Bigger Picture
Policy changes and funding cuts are cybersecurity issues, not just financial ones. Underfunded systems and strained staff create vulnerabilities that cybercriminals can exploit and are actively exploiting. As a result, we must see that investing in cybersecurity is mission-critical, protecting both services and the communities served.
References
- RMM. The Impact of Federal Budget Cuts on Cyber Defenses. 2025.
- WPN. US Shutdown Halts IT Security Projects Boosts Cyber Vulnerabilities. 2025.
- Metro Atlanta CEO. Breach May Have Exposed Some Georgia Medicaid Recipients’ Health Information. 2025.
- The Verge. Rhode Island’s online benefits system shuts down after cyberattack. 2024.
- AHQ. HIPAA Violations 2025 Updated. 2025.
- CMS. Statement on Continued Action to Respond to the Cyberattack on Change Healthcare. 2025.
- Times Union. Cuts to Nonprofit Cybersecurity Support Programs. 2025.