As cyber threats grow more sophisticated, the cost of defending digital infrastructure continues to climb. Fortunately, a range of federal and state programs are stepping up to help utilities, governments, and small businesses invest in advanced cybersecurity technologies.
From tax breaks to grant funding, these initiatives offer both financial relief and strategic support for organizations looking to develop their cybersecurity strategy.
Here's a deeper look at the most impactful cybersecurity incentives available today.
For more information on cybersecurity best practices, watch Impact’s webinar, How to Hack Your Business.
FERC Order No. 893: Incentives for Utility Cybersecurity Investments
The Federal Energy Regulatory Commission’s Order No. 893 is a landmark policy designed to encourage the voluntary investment in cybersecurity technologies that go beyond mandatory compliance.
Recognizing that utilities are often hesitant to spend on non-required upgrades, FERC introduced a framework that allows them to recover costs through incentive-based rate treatments.
Utilities can apply through two pathways: the Prequalified List (PQ List), which fast-tracks approval for technologies already deemed effective, and a case-by-case review for newer or less common solutions.
These incentives include regulatory asset treatment, allowing utilities to defer cost recovery for expenses like software, monitoring systems, and workforce training. Performance-based rate incentives are also available, rewarding utilities for measurable improvements in their cybersecurity posture.
Importantly, these incentives apply only to voluntary investments—those not already mandated by NERC’s Critical Infrastructure Protection (CIP) standards. This distinction ensures that utilities are rewarded for going above and beyond, rather than simply meeting baseline requirements.
Section 179: A Tax Break for Cybersecurity Investments
Section 179 of the IRS Tax Code offers a powerful incentive for businesses investing in cybersecurity infrastructure. Instead of depreciating equipment over several years, companies can deduct the full cost of qualifying purchases in the same tax year.
This immediate write-off can significantly reduce tax liability, making it easier for businesses to prioritize cybersecurity upgrades.
Eligible purchases include a wide range of digital and physical security tools. Firewalls, antivirus software, intrusion detection systems, and encryption tools all qualify, as do physical security devices like surveillance cameras and access control systems. Even cybersecurity training software may be eligible, provided it’s used for business purposes.
To take advantage of Section 179, businesses must ensure that the equipment is purchased and placed into service within the calendar year. This makes strategic planning essential as timing your cybersecurity investments to align with tax deadlines can maximize the financial benefit.
Executive Order 13636: Improving Critical Infrastructure Cybersecurity
Executive Order 13636, signed in 2013, marked a turning point in the federal government’s approach to cybersecurity. It called for a coordinated effort between the public and private sectors to protect critical infrastructure from cyber threats.
One of its most significant outcomes was the development of the NIST Cybersecurity Framework—a voluntary set of standards and best practices that organizations can use to improve their cybersecurity.
The order also emphasized the importance of information sharing. By improving the flow of threat intelligence between government agencies and private companies, EO 13636 aimed to create a more unified and responsive cybersecurity ecosystem.
Privacy and civil liberties were also central to the directive, ensuring that enhanced security measures did not come at the expense of individual rights.
While the EO itself does not offer direct financial incentives, it laid the groundwork for many of the programs that do. Its legacy continues to shape federal cybersecurity policy and influence how organizations approach risk management.
State and Local Cybersecurity Grant Program (SLCGP)
The State and Local Cybersecurity Grant Program (SLCGP) is a federally funded initiative designed to help state, local, and territorial governments strengthen their cybersecurity defenses. Administered by FEMA and CISA, the program provides $91.75 million in funding for FY 2025, with strict guidelines to ensure equitable distribution.
To qualify, entities must submit a CISA-approved Cybersecurity Plan outlining their strategy for governance, risk assessment, and implementation. The program requires that 80% of funds support local governments, with 25% specifically earmarked for rural jurisdictions.
Plus, the 40% cost-share requirement ensures that recipients are invested in the success of their cybersecurity initiatives.
The SLCGP encourages collaboration across jurisdictions and supports multi-entity projects that address shared risks. It’s a vital resource for governments that may lack the funding or expertise to tackle cybersecurity challenges on their own.
Tribal Cybersecurity Grant Program (TCGP)
The Tribal Cybersecurity Grant Program (TCGP) is tailored to the unique needs of Tribal governments, offering $2.1 million in FY 2025 to support cybersecurity improvements. Like the SLCGP, it’s managed by FEMA and CISA and focuses on governance, risk assessments, security protections, and workforce development.
To participate, Tribal governments must establish a Cybersecurity Planning Committee and submit a strategic plan that aligns with federal guidelines. The program was shaped through nation-to-nation consultations, ensuring that it respects Tribal sovereignty and addresses the specific challenges faced by Tribal communities.
The TCGP is more than just a source of funding—it’s a recognition of the critical role Tribal governments play in national infrastructure and the importance of ensuring their digital resilience.
SBA Cybersecurity Infrastructure Grants
The Small Business Administration’s Cybersecurity for Small Business Pilot Program is a lifeline for startups and emerging entrepreneurs. In FY 2024, the SBA awarded $3 million in grants to state agencies, with individual awards ranging from $1 million to $1.045 million.
These funds are used to provide cybersecurity training, counseling, and tailored support to small businesses.
Since its launch in 2022, the program has distributed nearly $9 million, helping small businesses build robust defenses during their most vulnerable early stages. In addition to grants, the SBA offers resources through its network of Resource Partners, including online tools and in-person workshops.
This program is especially valuable for businesses that lack dedicated IT staff or cybersecurity expertise. By providing access to training and support, the SBA is helping small businesses become more resilient and competitive in an increasingly digital economy.
Final Thoughts
Cybersecurity incentives are critical for building resilience across sectors. Whether you're a utility seeking rate recovery, a small business looking to offset costs, or a government agency planning strategic upgrades, these programs offer financial and operational support to help you stay ahead of evolving threats.
Key Takeaways:
- FERC Order No. 893 rewards utilities for voluntary cybersecurity investments.
- Section 179 allows businesses to deduct the full cost of cybersecurity purchases.
- Executive Order 13636 laid the foundation for national cybersecurity collaboration.
- SLCGP and TCGP offer targeted grants to state, local, and Tribal governments.
- SBA grants help small businesses build cyber defenses from the ground up.
Watch Impact’s webinar, How to Hack Your Business, for more information on cybersecurity best practices and insight into the mind and tactics of a hacker.
