Strengthening Maryland’s Cybersecurity Economy: Why Buy Maryland Matters
Maryland has long been recognized as a national leader in cybersecurity—home to world-class talent, federal agencies, innovative startups, and established cybersecurity companies. At the center of this ecosystem is a shared responsibility: ensuring that public policy keeps pace with the realities of a rapidly evolving industry.
One of the most impactful tools supporting Maryland’s cybersecurity growth is the Buy Maryland Cybersecurity Tax Credit. Designed to encourage investment in Maryland-based cybersecurity companies, the program has helped drive innovation, job creation, and economic development across the state. However, as the industry matures, so too must the policies that support it.
That’s why the Cybersecurity Association is working with its members during the upcoming legislative session to advocate for targeted improvements to the Buy Maryland Cybersecurity Tax Credit—changes that will expand access, increase flexibility, and strengthen Maryland’s cybersecurity economy for the long term.
This is a critical moment for our community to engage, stay informed, and make its voice heard.
Pictured: Maryland public officials join cybersecurity leaders at the annual Cybersecurity Awards Gala, celebrating innovation, partnership, and leadership across the state’s cyber ecosystem.
What Is the Buy Maryland Cybersecurity Tax Credit?
The Buy Maryland Cybersecurity Tax Credit is a state incentive designed to encourage businesses to purchase cybersecurity products and services from qualified Maryland-based cybersecurity companies. In return, eligible buyers can receive a tax credit equal to a percentage of their qualified investment.
The goal is simple but powerful:
keep cybersecurity dollars in Maryland, support local companies, and fuel continued innovation and workforce growth.
Since its creation, the program has delivered meaningful value to participating companies. However, feedback from industry leaders has made it clear that several structural limitations now restrict the program’s reach and effectiveness.
Nish Thakker, CEO of NXT and Treasurer of the Cybersecurity Association, with Senator Steve Hershey at the 2025 Legislative Summit.
Understanding the Current Challenges
As Maryland’s cybersecurity sector has grown and diversified, parts of the Buy Maryland program have not kept pace with today’s market realities. Several existing restrictions limit who can participate and how fully companies can benefit.
These challenges include:
Eligibility constraints that exclude many growing or established cybersecurity companies
Limits on how service-based offerings qualify for the credit
Caps that reduce the value of the credit for otherwise qualified sellers
Structural barriers that prevent companies from fully realizing the credit’s financial benefit
Left unaddressed, these limitations risk slowing innovation and reducing the program’s long-term impact.
Proposed Buy Maryland Legislative Updates
To ensure the Buy Maryland Cybersecurity Tax Credit continues to serve Maryland’s cybersecurity ecosystem effectively, the Cybersecurity Association, working closely with its leadership, is advocating for several targeted legislative changes.
1. Remove the Under-50-Employee Limit
Currently, eligibility is restricted to companies with fewer than 50 employees. While this may have made sense when the program was first introduced, Maryland’s cybersecurity sector has matured.
Removing this limit would:
Expand eligibility to a broader range of qualified cybersecurity companies
Reflect the realities of today’s growing cybersecurity businesses
Encourage continued hiring and scaling within the state
2. Make the 50% Credit Fully Refundable
Under current rules, some companies cannot fully realize the value of the tax credit. Full refundability would ensure that all Qualified Sellers can benefit, regardless of tax liability structure.
This change would:
Increase the program’s financial impact
Improve predictability for companies planning investments
Make participation more accessible to a wider range of businesses
3. Remove the 25% Services-Only Cap
Cybersecurity today is rarely “products only” or “services only.” Most solutions are integrated, combining software, services, and ongoing support.
Removing the services-only cap would:
Reflect how modern cybersecurity solutions are delivered
Provide flexibility for companies offering hybrid models
Encourage innovation across the full cybersecurity value chain
4. Increase the Revenue Ceiling for Qualified Sellers
As cybersecurity companies grow, they may exceed current revenue thresholds and lose eligibility—despite continuing to invest locally.
Raising the revenue ceiling would:
Allow more established companies to remain engaged
Encourage long-term investment in Maryland
Support sustained economic impact and workforce development
Together, these changes would modernize the Buy Maryland Cybersecurity Tax Credit and position it as a long-term driver of growth for the state.
Why Member Advocacy Is Essential
Legislative progress doesn’t happen in isolation. Policymakers rely on real-world input from businesses, innovators, and industry leaders to understand how programs like Buy Maryland function in practice.
That’s where Cybersecurity Association members play a vital role.
By participating in advocacy efforts, members help:
Share real business impact stories with legislators
Provide data and context that inform policy decisions
Strengthen the collective voice of Maryland’s cybersecurity community
Ensure policies reflect industry realities—not assumptions
Advocacy is most effective when it’s coordinated, informed, and sustained—and that’s exactly the role the Cybersecurity Association is positioned to play.
How the Cybersecurity Association Supports Buy Maryland Advocacy
The Cybersecurity Association serves as a central hub for advocacy, communication, and coordination throughout the legislative session. Our work includes:
Engaging directly with legislators and policymakers
Sharing timely updates and guidance with members
Coordinating collective outreach and messaging
Elevating member perspectives in policy discussions
Translating complex legislative developments into actionable insights
Members don’t have to navigate the legislative process alone. By working together through the Association, the cybersecurity community can advocate more effectively—and with greater impact.
Get Involved
The future of Maryland’s cybersecurity ecosystem depends on thoughtful, modern policy and that requires active participation from the community it serves.
Now is the time for members to:
Stay informed on Buy Maryland advocacy efforts
Engage with Cybersecurity Association updates on LinkedIn
Share insights and experiences that highlight the program’s impact
Participate in coordinated outreach to policymakers
Support advocacy efforts that strengthen the industry as a whole
The Cybersecurity Association will continue working closely with members throughout the legislative session to advance Buy Maryland reforms and ensure Maryland remains a national leader in cybersecurity innovation.
Looking Ahead
Cybersecurity is foundational to Maryland’s economy, national security, and technological leadership. The Buy Maryland Cybersecurity Tax Credit, when modernized, can play an even greater role in supporting growth, innovation, and opportunity across the state.
By staying engaged, informed, and connected through the Cybersecurity Association, members can help shape policies that benefit not just individual companies, but the entire cybersecurity ecosystem.
Stay tuned. Stay involved. And follow the Cybersecurity Association on LinkedIn for ongoing Buy Maryland advocacy updates.
Together, we can strengthen Maryland’s cybersecurity future.
