For years, federal cybersecurity policy has primarily focused on protecting government systems and critical infrastructure. Executive Order 14390: “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens” signals a broader shift in emphasis. Signed on March 6, 2026, the order reframes cybercrime not only as a national security threat, but also as an economic and societal threat that directly affects citizens, businesses and the digital ecosystem on which they depend.
The executive order lands amid escalating ransomware campaigns, AI-enabled fraud schemes, large-scale phishing operations and financially motivated attacks linked to transnational criminal organizations. Unlike earlier cybersecurity directives that focused heavily on federal modernization, critical infrastructure protection and software supply chain security, EO 14390 emphasizes operational disruption of cybercriminal networks, victim restitution and expanded coordination between government agencies and the private sector.
For enterprise security leaders, the order does not immediately impose a new regulatory framework. However, it signals the direction of federal cyber policy, with greater emphasis on private-sector accountability, expanded information sharing, increased scrutiny of enterprise cyber practices and stronger expectations for cooperation with government-led cyberdefense initiatives.
Skadden, Arps, Slate, Meagher & Flom LLP, in its legal analysis of EO 14390, said that it “is further indication that the Trump administration intends to broaden the role of the private sector in the government’s offense-oriented approach to cyberthreats.”
In practical terms, the order raises an important question for businesses. Is cybersecurity still just an IT risk, or is it becoming a broader legal, operational and governance obligation tied directly to national resilience?
A sign of the times
The order was issued as the federal government confronted a sharp rise in cyber-enabled fraud and online criminal groups targeting Americans. The administration specifically identified ransomware, malware, phishing, impersonation scams, sextortion schemes and financial fraud as major threats increasingly tied to foreign-based criminal networks.
EO 14390 directs multiple federal agencies — including the Departments of Homeland Security, Treasury, Justice, State and Defense — to review existing operational and regulatory frameworks within 60 days and produce a coordinated action plan within 120 days to identify, disrupt and dismantle cybercriminal organizations. The order also calls for expanded threat intelligence sharing, enhanced cooperation with state and local governments, increased law enforcement coordination, the development of a victim restoration program using seized criminal assets and international diplomatic pressure against nations that tolerate cybercrime operations.
What distinguishes EO 14390 from previous federal cyber directives is its operational focus on cyber-enabled financial crime and fraud ecosystems rather than purely defensive cybersecurity modernization. This matters for enterprises because the federal government increasingly views private-sector organizations not merely as victims of cybercrime, but as active participants in national cyberdefense.
Increased public-private collaboration
One of the most immediate implications for enterprises is deeper collaboration with federal agencies. The order directs agencies to strengthen coordination through an operational cell, intelligence-sharing initiatives and resilience-building programs. For CISOs, this could translate into expanded expectations around sharing indicators of compromise, participating in sector-specific information-sharing groups, cooperating during federal investigations and providing telemetry or incident data to agencies such as CISA or the FBI.
Many organizations already engage in these activities voluntarily through Information Sharing and Analysis Centers (ISACs) or public-private partnerships. EO 14390 could accelerate movement toward a more structured expectation of participation, particularly among companies operating in finance, healthcare, telecommunications, retail and critical infrastructure sectors.
Security teams should expect federal agencies to become more proactive in seeking collaboration during active cyberincidents, particularly when attacks appear tied to broader criminal campaigns.
The good news
From an enterprise perspective, the executive order could offer several potential advantages:
- Faster incident response. Improved coordination between government agencies and the private sector could accelerate threat identification and disruption. Organizations could gain earlier access to actionable intelligence regarding ransomware groups, fraud campaigns and emerging attack techniques.
- Stronger ecosystem security. A more coordinated national cyberdefense posture can help reduce systemic risk across industries. Since supply chain attacks increasingly affect multiple organizations simultaneously, collective defense mechanisms benefit everyone.
- Greater cybersecurity investment. For CISOs struggling to secure budget approval, the policy environment could become more favorable. Federal emphasis on cyber-resilience gives security leaders stronger leverage when advocating for modernized security architecture, backup and recovery, identity and access management improvements, detection and response tooling, security awareness programs, third-party risk management and more.
- Expanded cyber workforce development. The order’s focus on training and resilience-building could help address ongoing cybersecurity talent shortages through expanded certification and workforce initiatives.
- Elevated executive awareness. Perhaps most importantly, EO 14390 further elevates cybersecurity as a boardroom issue. CISOs could find it easier to obtain executive attention, funding and cross-functional support.
The bad news
At the same time, enterprises should be realistic about the potential downsides of the executive order:
- More federal scrutiny. Expanded collaboration with government agencies can introduce concerns around data privacy, customer trust, legal privilege, investigative exposure and cross-border data handling. For CISOs, this raises the importance of demonstrable governance. Regulators and litigators increasingly require evidence that organizations maintain modern security controls.
- Incident reporting. EO 14390 reinforces a broader federal trend toward faster and more comprehensive incident reporting. While the order does not directly impose new breach notification timelines, it reflects growing federal interest in obtaining visibility into cybercrime activity affecting both citizens and businesses.
- Resource strain. Threat sharing, incident coordination and compliance efforts require personnel and infrastructure investments. Smaller organizations could struggle to keep pace.
- Potential liability expansion. As federal expectations rise, organizations that lag in cybersecurity maturity could face increased litigation and regulatory exposure following incidents. The order’s proposed victim restoration program reflects a broader policy emphasis on accountability and recovery for cyber-related harm.
- Ambiguity around “reasonable” security. Regulators often expect organizations to maintain “reasonable” cybersecurity without universally defining what that means in practice. CISOs could face increasing pressure to justify security decisions after incidents occur.
What now?
For CISOs, the best response to EO 14390 is operational maturity. Organizations should focus on several immediate priorities:
- Strengthen incident response readiness. Review and test incident response plans regularly. Ensure executive leadership, legal teams, communications staff and technical responders understand escalation and reporting procedures.
- Improve threat intelligence integration. Participate actively in ISACs, sector partnerships and government information-sharing initiatives. The ability to operationalize shared intelligence quickly will become increasingly valuable.
- Reassess data governance. Evaluate how customer data is collected, stored, retained and protected. Fraud prevention and identity verification controls deserve renewed scrutiny.
- Increase board engagement. Boards should receive regular cyber-risk briefings that address operational exposure, business continuity implications and regulatory developments.
- Invest in workforce development. Security talent shortages remain a major operational risk. Enterprises should continue expanding training, certification and retention programs while taking advantage of government-supported initiatives where available.
- Document security decisions. Organizations should maintain clear records of risk assessments, security investments, policy decisions and remediation efforts.
EO 14390 reflects an important evolution in U.S. cybersecurity policy. The federal government is no longer treating cybercrime solely as a law enforcement issue or a federal network protection challenge. Increasingly, policymakers view enterprise cybersecurity as part of broader national economic resilience and societal stability.
For enterprises, this means cybersecurity is becoming more central to corporate governance, operational accountability and enterprise risk management. Wilson Sonsini Goodrich & Rosati, in its legal analysis, noted that while the order does not impose any obligations on private businesses, engagement with the federal cyber policy and rulemaking process will likely increase as the administration seeks private-sector input and continues to streamline cyber-related regulations.
Richard Livingston is an editor with Informa TechTarget’s SearchSecurity site, covering cybersecurity news, trends and analysis.
Click Here For The Original Source.
