Strategic Priorities in the 2026 US Cyber Strategy and Cybercrime Executive Order

The March 2026 U.S. Cyber Strategy and Cybercrime Executive Order
In early March 2026, President Trump’s administration released two significant cybersecurity policy documents:
- President Trump’s Cyber Strategy for America
- Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens
At first glance, they may look like two separate policy announcements. In reality, they work together, each with its own purpose.

The intended audience is broad (federal agencies, critical infrastructure operators, technology providers and the cybersecurity private sector). For cybersecurity leaders, the combination of these documents offers something valuable: a clear signal of where federal cyber priorities are headed and how organizations should be thinking about their own security programs.
Together, they outline how the United States intends to address cyber threats ranging from ransomware and financial fraud to state-sponsored cyber operations.
And while these documents are written at the national level, their implications cascade down to business security programs, vendor risk management practices and cyber defense strategies across industries. But before diving into the strategy itself, it’s helpful to understand how we got here.
How U.S. Cybersecurity Priorities Have Evolved
Cyber policy rarely changes overnight. The March 2026 announcements are the result of years of evolving cybersecurity priorities shaped by major incidents, emerging technologies and geopolitical tensions.
Cybersecurity policy milestones leading to 2026

Why Is the Strategy Emerging Now?
Several trends across cybersecurity, technology and geopolitics help explain the timing of these announcements.
Cybercrime is a national security issue
Financial fraud, ransomware, data-extortion operations and elder fraud (digital/cyber) have increasingly become massive global industries. Many of these campaigns are run by organized cybercrime groups that operate much like businesses themselves, complete with infrastructure, affiliate programs and customer support channels.
Groups such as ShinyHunters (known for multiple large-scale data breaches and extortion campaigns targeting financial and technology firms), Cl0p (associated with the widespread exploitation of the MOVEit Transfer breach in 2023), ALPHV/BlackCat (linked to the ransomware attack against MGM Resorts International in 2023) and many more have demonstrated how a single vulnerability or data repository can expose millions of records across multiple organizations.
These groups illustrate an important shift in the threat landscape in recent years: cybercrime is dominated by well-organized criminal ecosystems capable of launching large-scale global operations.
This growing sophistication, together with the financial and national security implications of these attacks, is a key reason policymakers increasingly view cybercrime as more than a law-enforcement issue. It is now treated as a strategic national security challenge, which the new cyber strategy and executive order aim to address.
Emerging technologies are changing the cyber landscape
Artificial intelligence, quantum computing and advanced analytics are rapidly reshaping cybersecurity.
These technologies can strengthen defenses, but they can also enable new types of attacks, including:
- AI-generated phishing campaigns
- Deepfake impersonation scams
- Automated vulnerability discovery
Maintaining technological leadership, and moving beyond awareness, is therefore a major focus of the new strategy.
Geopolitical tensions are increasing cyber risk
Cyber operations often accompany geopolitical conflict.
Following rising tensions between the United States and Iran, financial institutions and infrastructure providers have increased monitoring for potential cyber retaliation.
Historically, Iranian-linked cyber actors have targeted municipalities, infrastructure operators and financial systems in the United States.
The message to cybersecurity leaders: Cybersecurity policy is now inseparable from national security policy.
Key Components of the March 2026 U.S. Cyber Strategy
The new cyber strategy is built around six pillars.
- Shape adversary behavior
- Promote common-sense regulation
- Modernize and secure federal government networks
- Secure critical infrastructure
- Sustain superiority in critical and emerging technologies
- Build talent and capacity

Translated further, this means:
- Work together to deter and disrupt attackers
- Remove barriers while maintaining expected cyber hygiene
- Prioritize modernization and resilience
- Collaborate with industry partners and information sharing groups
- Stay ahead technologically
- Somehow find enough cyber talent to support all of the above
Simple enough concepts, but not necessarily easy to achieve.
How the Executive Order Fits Within the Strategy
While the cyber strategy provides a longer-term vision, the executive order focuses on immediate operational action to address the growing cybercrime, fraud and predatory schemes that are impacting Americans.
The order directs federal agencies to treat cybercrime organizations as transnational criminal networks and coordinate diplomatic, law-enforcement and technical capabilities to identify, disrupt and dismantle them.
Key actions include:
- A review of cybercrime response capabilities for combating scam centers within 60 days
- A coordinated action plan for dismantling cybercrime organizations within 120 days
- Recommendations for a victim restoration program within 90 days
- Increased diplomatic pressure led by the U.S. Department of State on nations tolerating predatory activities
The executive order essentially acts as the first operational step toward achieving Pillar 1 of the strategy: shaping adversary behavior.
The Broader Direction
Cybersecurity policy is shifting from “defend and recover” to “deter and disrupt.” The federal government is signaling that it intends to:
- Act more aggressively against cybercriminal infrastructure
- Apply diplomatic and economic pressure against states enabling cybercrime
- Expand collaboration with the private sector to track and disrupt threats
- Leverage offensive cyber capabilities alongside defensive protections
For security leaders reading the strategy, the implication isn’t that companies should suddenly launch counter-hacking operations. Instead, the signal is broader: Cybersecurity is no longer viewed solely as a defensive function. It is increasingly treated as a domain where governments and organizations must actively deter and disrupt adversaries. It’s not enough to build in defenses; it’s increasingly about deterring people from trying to circumvent them in the first place.
These types of shifts in tone have historically had a large impact in the private sector through vendor markets and their offerings and features (for example, the “SBOM shift”). This will likely have some impact on the ecosystem of your vendors and how their market and product development shifts.
What Organizations Should Take Away
National cybersecurity strategies tend to live at 30,000 feet. They set direction, signal priorities and align government agencies, but they rarely come with a detailed implementation checklist. That’s not a flaw; it’s by design.
The Cyber Strategy for America establishes where U.S. cyber policy is heading, while the executive order kicks off the first wave of action focused on cybercrime disruption.
For organizations, the takeaway is simple: You don’t need to wait for detailed federal guidance to start aligning with these priorities. In fact, many of the themes in the strategy are things security teams have been advocating internally for years.
Immediate Actions to Consider
The following are the areas where the strategy reinforces actions that many organizations should already have underway. Understandably, many of these may be sitting on the backburner waiting for time, budget or executive attention.
Use the strategy as an executive conversation starter
The release of this strategy may be a means to highlight the importance of these actions and revisit their urgency. Security leaders can use the strategy as external validation for investments that leadership may already be considering or delaying.
Sometimes it helps when the message is, “This isn’t just our security team asking for this; it’s a national priority.”
1. Revisit vendor and supply chain risk management
The strategy continues the government’s push to place greater accountability on software and technology vendors.
Actions:
- Identify your most critical technology suppliers
- Confirm vendors maintain secure update and vulnerability disclosure practices
- Review third-party system access
- Incorporate security requirements into procurement processes
Because sometimes the easiest way into an organization is through someone else’s software.
2. Assume ransomware and data extortion are persistent threats
If ransomware preparedness still lives in the “we should really test that someday” category, now is the time to move it higher on the list.
Actions:
- Run a ransomware tabletop exercise with executive leadership
- Test backup restoration times, not just backup existence
- Confirm incident response escalation paths
- Validate legal and communications plans for breach scenarios
- Include critical vendors to align responsibilities
3. Improve visibility across identity, systems and networks
Many of the strategy’s goals, from threat detection to AI-enabled cyber defense, assume organizations have good baseline visibility across identities, endpoints and networks (cloud/hybrid/on-prem).
Actions:
- Reduce standing administrative privileges
- Expand multi-factor authentication coverage
- Monitor privileged account behavior
- Centralize identity logging for investigation and detection
This isn’t new advice, but it continues to pay the highest defensive dividends.
4. Evaluate how emerging technologies are being used internally
Artificial intelligence, automation and advanced analytics are becoming core components of cyber defense.
Organizations should understand:
- Where AI is already being used
- Where it may introduce risk
- Where it can improve detection and response
5. Strengthen relationships with information-sharing communities
Public-private collaboration is a major theme across the strategy.
Organizations should ensure they are participating in appropriate information-sharing initiatives or sector groups, particularly those coordinated through the Cybersecurity and Infrastructure Security Agency.
Long-Term Planning Considerations
Even though the strategy doesn’t provide tactical details, it does reveal where cybersecurity priorities are heading. Organizations that plan around these trends will be better positioned over time. Plan for:
- Greater collaboration between government and private cybersecurity teams (as a shared responsibility)
- Benefits of more aggressive international action against cybercrime groups
- Stronger expectations for software and vendor security
- Expanded use of AI in cyber defense
- Expanded need for a stronger cyber workforce
The strategy itself is intentionally high-level, which means the real details will likely appear in the months ahead. Organizations should watch for:
- Federal implementation plans: Agencies will begin translating the strategy’s pillars into operational initiatives, regulatory guidance and funding programs.
- Cybercrime disruption actions: The executive order directs agencies to produce a coordinated disruption plan within 120 days. This could result in increased law enforcement operations targeting ransomware groups and fraud networks.
- Guidance around emerging technology security: Expect additional recommendations related to AI security, advanced cryptography and defensive cyber technologies.
- Potential regulatory changes: While the strategy emphasizes streamlined regulation, future guidance may still introduce updated expectations around key cyber program disciplines, including incident reporting, infrastructure security and vendor risk management.
Final Thoughts
The March 2026 cyber strategy doesn’t introduce brand-new cybersecurity concepts. Instead, it does something equally important: it reinforces the priorities that will likely shape cybersecurity efforts for years to come.
Some of these priorities, like workforce development, infrastructure security and supply chain resilience, have been on the cybersecurity to-do list for quite a while. The difference now is that they are firmly positioned as national strategic priorities and likely candidates to receive a focus of resources for further development.
And while the strategy may leave many operational questions unanswered, it provides a useful framework for organizations asking an important question:
In light of where the cyber landscape is headed, what should our cybersecurity program be preparing for next?
Connect with Weaver’s cybersecurity team to discuss how these developments may impact your organization’s strategy.
