Palo Alto Networks, FireEye, Fortinet and CyberArk Software have all put in bids for the $14 billion up for grabs in fiscal 2016 cybersecurity spending by the federal government. The four are battling it out, according to Business Insider, representing a fresh flurry of security investment by the feds.

And it’s about time. According to the U.S. Government Accountability Office, between fiscal years 2006 and 2014, cyberattacks on federal agencies increased nearly 12 times over, from 5,503 to 67,168. And, the flow of threats does not seem to be letting up.

In May, hackers accessed about 334,000 taxpayer accounts. More recently, in October, the U.S. Postal Service was targeted. The scope of that hack is still under investigation. But the recent attack on the Office of Personnel Management (OPM) was perhaps the most headline-grabbing.

The federal government’s main employment body revealed in August that about 22.1 million individuals had their Social Security Numbers and other sensitive information affected by a pair of hacks. In addition, 5.6 million people are now estimated to have had their fingerprint information stolen—which could have a big impact on future biometric security initiatives.

State-sponsored attacks are also continuing: China is reportedly continuing hacking attacks on U.S. firms in spite of a pact that banned government spying on companies; authorities are probing a potential Russian hack of Dow Jones; and ISIS has reportedly tried to hack the U.S. electrical grid.

Yet, despite the escalating threat level, the GAO also revealed that the between 2014 and 2016, federal cybersecurity spending grew only 40% — compared with the 1,100% increase in attacks over the past eight years.

Changes are afoot that will increase the focus on cybersecurity, however. After intense debate, the Senate has passed the controversial Cybersecurity Information Act bill, which makes the Department of Homeland Security into a hub for sharing information about cyber-attacks within the government and the private sector. The bill, which has faced privacy concerns from high-tech firms and advocacy groups, must now be reconciled with a separate piece of legislation that was passed by the House of Representatives earlier this year.