Split giant projects into small ones, award it to better smaller companies, require interoperability via API that is clearly documented and ask for around the clock security monitoring and patching. The last things being the same thing you do at any decent private company.

IBM or Accenture or whoever don't need to be the only ones winning tenders.

The total number of people working on the project might remain similar no matter if it's one company or many smaller companies. Writing clear documentation and API, well thought from the start is harder the larger the project.

Maybe there would be a benefit from having less layers of management, but multiple small companies or one big could have the same structure.