Will the executive branch’s new cyber strategy be a watershed moment in combating cybercrime?

In the United States, the average cost of a data breach reached a record high of over $10 million. For small businesses, over 60% of breached companies reported financial impacts exceeding $250,000, with many surpassing $500,000. Ransomware attacks were involved in 44% of breaches, up over 30% from 2024. Only around 10% of breaches involve state-affiliated nation-state actors, with the vast majority attributed to organized cyber criminal groups. Three out of four organizations reported that recovery from a cyberattack took longer than 100 days. Lastly, AI-driven cyberattacks and social engineering are increasing costs, with some large-scale AI phishing scams resulting in multimillion-dollar losses. 

With the increase in cybersecurity breach costs, the private sector and insurance industry have been left to bear the costs of a cyber breach. However, the executive branch appears to be focusing its attention on this issue for 2026. On March 6, 2026, the White House published the high-level policy document "Cyber Strategy for America," which sets out six “pillars of action” that guide the administration’s approach to cyber policy. Those pillars include incentivizing the private sector to disrupt cybercriminals, streamlining cybersecurity regulation to encourage private sector development and improvements, modernizing federal defense platforms, securing critical infrastructure while utilizing US-based technology services and products, investing in blockchain technology, quantum computing and artificial intelligence to spurn innovation, and providing opportunities for a robust American cyber workforce.

Also on the same date, President Donald Trump signed Executive Order 14390, “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens.” The EO directs federal agencies to immediately review their existing policy to address cyber threats such as ransomware, malware, phishing, financial fraud, extortion and impersonation schemes. It also seeks to combat transnational criminal organizations (TCOs) and foreign regimes that provide “willing or tacit state support” to cybercrime. Pursuant to the EO, the Secretary of State, the Secretary of the Treasury, the Secretary of War, the Attorney General and the Secretary of Homeland Security, in consultation with the Office of the National Cyber Director, and the Assistant to the President and Homeland Security Advisor, will within 60 days, “review the relevant operational, technical, diplomatic, and regulatory frameworks in place to determine how each can be improved to best combat TCOs engaged in cyber-enabled crime and similar predatory schemes against Americans,” and within 120 days, “submit to the president an action plan that identifies the TCOs responsible for scam centers and cybercrime and proposes solutions to prevent, disrupt, investigate, and dismantle these TCOs.” This action plan “shall provide for the creation of an operational cell within the National Coordination Center (NCC).”

While the EO does not impose direct obligations on private entities, it emphasizes public-private partnerships, which previously were limited to high-profile incidents affecting the private sector. Additionally, the EO provides that the US Attorney General must prioritize prosecutions of cyber-enabled fraud and submit within 90 days a recommendation for establishing a victims restoration program. In addition, the Secretary of Homeland Security has been directed to partner with the national cyber director to provide training, technical assistance and resilience building support to state, local, Tribal and territorial entities (SLTTs) for preventing cybercrime. The Secretary of State is directed to engage with foreign governments to demand enforcement action against TCOs and impose consequences on countries that tolerate TCOs.

In a similar effort, the Federal Bureau of Investigations (FBI) has launched Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense) in 2026. Operation Winter Shield details the FBI’s most impactful actions organizations can take to improve resilience against cyber intrusions. These recommendations draw on recent investigations to reflect adversary behavior and defensive gaps. The campaign positions “industry not as passive victims or recipients of intelligence but as critical allies alongside the FBI and our partners in detecting, confronting, and dismantling cyber threats.” The FBI initiative does not delegate further funding towards this mission nor is it a specific allocation of Congressional budget. Rather, it is a nine-week campaign to promote awareness from already-existing and allocated funds within the FBI.

Will this change private entities’ approach to ransomware and other cybersecurity attacks? It remains to be seen. On the one hand, most threat actors are overseas, creating jurisdictional enforcement obstacles. Notably, the cyber strategy fails to acknowledge top adversarial actors such as Russia or China. It is unknown how effective diplomatic pressure will be against countries where scam operations are widespread or loosely regulated. Additionally, coordination between agencies that are potentially expanding government surveillance or intelligence sharing will warrant a close review and may warrant challenges. No specific legal framework is presented as the avenue for the aspirational and offensive-leaning goals of the executive branch’s cyber-related policies.

There are also questions about how much funding and staffing would be required to fully implement the new coordination efforts in light of the executive branch’s initiatives to reduce the federal workforce. As of March 2026, the Cybersecurity and Infrastructure Security Agency (CISA) faces significant operational strain due to a 30% workforce reduction and ongoing Department of Homeland Security funding lapses. Planned town hall series to gather final input on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) were also postponed due to the funding shutdown. Although the executive branch highlights private sector engagement in their initiatives, the operational and legal implications of incentivizing private-sector disruption of adversary networks leads to high risk. None of these policies, initiatives, nor the EO details how corporate liability will be shifted to assume less risk.

The executive branch’s recent policies, initiatives and executive orders, at a minimum, acknowledge that the current system of leaving cyber defense to the private market to be funded by private businesses and the insurance market presents a need for change. How it actually impacts the private sector in the future, will need to be closely monitored and remain to be seen.