Cybersecurity

The threat environment has outpaced the regulatory frameworks, procurement systems, and organizational structures built to address it.

Cybersecurity is no longer just an IT issue. It is a national security concern, an economic risk, a public safety issue, and a growing source of regulatory and procurement pressure for companies, contractors, critical infrastructure operators, and government agencies.

Federal frameworks like CMMC, FedRAMP, and FISMA are reshaping how government contractors and technology companies approach security compliance. At the state level, requirements are fragmenting — with legislatures and regulators developing their own standards, incident reporting requirements, and procurement conditions that don’t always align with federal direction.

When these environments fail, the consequences are immediate and public: a ransomware attack on a water utility, a breach in a defense supply chain, or a local government incident that becomes a public crisis. IBM’s 2025 Cost of a Data Breach Report found that ransomware-related breaches averaged roughly $5.08 million — and that figure still does not capture the full damage from lost public trust, regulatory exposure, operational disruption, and political fallout.

Vertex helps clients navigate the government environments where cybersecurity policy, procurement, funding, and risk decisions are made — before those decisions harden.

North Carolina Spotlight

  • A record 2,349 data breaches were reported to the North Carolina Department of Justice in 2025, impacting more than 9 million North Carolinians.
  • Local governments remain among the most vulnerable: Winston-Salem and Thomasville both had municipal systems knocked offline by cyberattacks in 2025, while a July 2024 attack on the Town of Apex compromised data for roughly 22,000 residents.
  • North Carolina released a new statewide IT strategic plan in 2025, signaling significant state investment in cybersecurity standards, compliance requirements, and procurement conditions that will reshape how agencies and vendors operate across the state.

Specialty Areas

  • Legislative engagement and regulatory affairs across federal, state, and local cybersecurity policy, including appropriations strategy, oversight committee engagement, and emerging cyber legislation
  • Federal and state cybersecurity regulatory framework and policy strategy, including CMMC, FedRAMP, FISMA, NIST Cybersecurity Framework, Zero Trust mandates, post-quantum cryptography requirements, state IT security policy, and public-sector cybersecurity governance
  • Cybersecurity funding, appropriations, and grant navigation, including the State and Local Cybersecurity Grant Program (SLCGP), federal appropriations, North Carolina cybersecurity funding, and audit preparedness
  • Cybersecurity procurement and contracting strategy, including procurement pathway navigation, contract vehicles, GSA schedules, vendor qualification, approved product list positioning, state IT procurement compliance, and small business set-aside strategy
  • Critical infrastructure and cyber coordination strategy, including ICS/OT security, CISA frameworks, election security policy and coordination, sector-specific policy, ISAC and fusion center engagement, and public-private information sharing 
  • Cyber incident reporting strategy, including CIRCIA compliance, state breach notification obligations, public-sector reporting requirements, and incident response coordination
  • Supply chain cybersecurity and secure software policy, including Software Bill of Materials (SBOM) requirements, secure-by-design expectations, vulnerability disclosure, secure development requirements, vendor risk management, and foreign technology risk
  • AI in cybersecurity, including threat detection policy, automated response frameworks, adversarial AI risk, model security, and regulatory engagement
  • Cybersecurity insurance market and regulatory landscape, including coverage availability, affordability trends, underwriting requirements, legislative and regulatory developments, and North Carolina Department of Insurance (NCDOI) oversight 

Relevant Regulatory & Government Bodies

Federal

  • Cybersecurity and Infrastructure Security Agency (CISA)
  • Defense Information Systems Agency (DISA)
  • Federal Bureau of Investigation (FBI)
  • General Services Administration (GSA)
  • National Institute of Standards and Technology (NIST)
  • Office of Management and Budget (OMB)
  • U.S. Department of Commerce (DOC)
  • U.S. Department of Defense (DoD)
  • U.S. Department of Homeland Security (DHS)
  • U.S. Department of Justice (DOJ)
  • U.S. Senate & House Commerce and Homeland Security Committees

North Carolina

  • North Carolina Department of Administration (NCDOA)
  • North Carolina Department of Information Technology (NCDIT)
  • North Carolina Department of Insurance (NCDOI)
  • North Carolina Department of Justice (NCDOJ) 
  • North Carolina Department of Public Safety (NCDPS) 
  • North Carolina General Assembly (NCGA)
  • North Carolina Joint Cybersecurity Task Force
  • North Carolina National Guard (NCNG)
  • NC Office of State Budget and Management (OSBM) 
  • North Carolina State Bureau of Investigation (SBI)