Critical Read

Study pegs security benefits of new IT spending


WHAT: "Security Breaches in the U.S. Federal Government" by Min-Seok Pang, associate professor, Fox School of Business at Temple University, and Huseyin Tanriverdi, associate professor, McCombs School of Business at the University of Texas, Austin.

WHY: The federal IT community has long recognized the importance of moving from legacy support spending to investment in new IT to get more value for the taxpayer and to improve performance and security. But just what kind of improvement does a shift from spending on operations and maintenance (O&M) to development, modernization and enhancement (DME) yield for agencies making the move?

A study from two business school professors offers some early insight. The direction of the findings won't be a major surprise, but numbers always make a good talking point. Based on five years' worth of data on security incidents from Federal Information Security Management Act reports, spending data from the IT Dashboard, federal human capital data and other sources, it appears that agencies can expect a 5 percent decrease in the number of security breaches for every 1 percent in funding that moves from O&M to DME or to managed services.

The data also suggests that agencies with geographically far-flung operations experience fewer breaches than those with a large primary footprint.

This isn't Pang's first foray into the weeds of federal IT spending data. His research has also led him to posit a link between united government, when both houses of Congress and the presidency are held by a single party, and spending on new IT initiatives.

In an interview with FCW, Pang said that he's interested in federal IT spending in part because there isn't a lot of empirical research available on the topic, despite the $80 billion-plus in annual spending, and the availability of data on performance. He also noted that he's working independently and is not sponsored by any vendors in the IT space.

VERBATIM: "We find that agencies that invest more in new IT development and modernization experience fewer security breaches than ones that invest more in maintenance of legacy systems. Outsourcing legacy systems to the cloud also reduces the frequency of security breaches. Our results also find that effective IT governance, risk, and control mechanisms also mitigate security risks of the legacy systems. Finally, federal agencies that are geographically or functionally dispersed experience security breaches less frequently than centralized agencies."

Click here to read the full study.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

