With a second term on the horizon, Trump’s cybersecurity policies could shape the future of US defenses against ransomware, business email compromise, and cyber espionage.
The big picture
The return of Trump to the presidency has cyber experts looking for notable changes in how the US will deal with international threats in cyberspace, especially while many ransomware attacks and business email compromises continue to disrupt American businesses.
What we’re watching
Russian cybersecurity threats
Business email compromise and ransomware are major threats to US businesses, with many attacks linked to Russian cyber actors.
The Biden administration has imposed sanctions on Russia in response to incidents like election interference and the SolarWinds attack, which began during Trump’s tenure.
However, Trump’s previous minimization of the Russian cyber threat could lead to a different approach.
Nonetheless, the ongoing financial burden of ransomware mandates a response, regardless of political shifts.
China's cyber espionage
Trump has long criticized China’s cyber espionage, particularly its theft of intellectual property from US companies. Though he proposed additional tariffs on Chinese goods to address these concerns, it remains unclear whether such measures will deter China’s cyber activities.
Iran's cyber operations
Iran remains one of the most active cyber adversaries with its recent cyberattacks on Israeli infrastructure amidst escalating tensions in the Middle East. According to Microsoft, Iran’s cyberattacks include recently hacking Trump’s campaign “in an apparent effort to stir up controversy or sway voters.”
With Trump’s return to office, his policies could increase pressure on Iran, potentially leading to more direct actions on both the cyber and economic fronts.
Cybersecurity regulations
The Biden administration pursued new cybersecurity regulations following high-profile incidents like the Colonial Pipeline attack. Comparatively, Trump’s approach leaned towards voluntary standards, citing concerns over regulatory burdens on businesses.
Minimal federal intervention could mean a shift to less stringent requirements, possibly relying more on industry-driven guidelines rather than enforceable federal mandates.
SEC cybersecurity rules
Under Biden-appointed SEC Chair Gary Gensler, companies must disclose material cybersecurity incidents and outline their mitigation strategies. Since Trump previously pledged to fire the SEC chairman on the first day of his second administration, a Trump-led SEC could shift away from these strict requirements, which might decrease transparency but ease compliance burdens on businesses.
CISA’s role
Trump’s dismissal of Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency (CISA), reflected Republican skepticism about the agency.
So, as cyberattacks on US businesses escalate, it remains uncertain whether Trump would support strengthening CISA or diminishing its role. However, reducing CISA's capacity could limit the federal government’s ability to address growing cyber threats to the private sector.
Artificial Intelligence (AI) and cybersecurity
While Biden's approach has focused on creating ethical frameworks for AI use, Trump prioritizes rapidly adopting AI. Wedbush Securities analyst Daniel Ives notes, "Under a Trump Administration, we would expect major AI initiatives within the U.S. government, including the Department of Defense…”
These changes could accelerate technological innovation but reduce regulatory oversight, particularly concerning high-risk applications.
Encryption controversy
Former Attorney General William Barr criticized tech companies for using encryption methods that law enforcement could not access. If Trump appoints a new attorney general with similar views, his administration may weaken encryption standards, which could compromise the privacy and security of digital communications.
Why it matters
Business email compromise and ransomware attacks have struck the private sector across almost every industry in the United States, and the economic cost of cybercrime cannot be ignored.
Trump’s focus on economic priorities could mean reduced regulatory cybersecurity measures, potentially leaving private infrastructure vulnerable if self-regulation fails.
The bottom line
Trump’s stance toward Russia, China, and Iran could shape the geopolitical cyber landscape, with impacts extending from sanctions to trade policies to how companies prepare for cyber threats.
Read also: Cybersecurity trends for 2025 and beyond
FAQs
How are regulations like HIPAA changing with new cyber threats?
HIPAA regulations are becoming stricter to address evolving cybersecurity threats. Healthcare organizations must update their encryption practices and use HIPAA compliant platforms like Paubox to avoid these risks.
Can state-sponsored cyberattacks affect healthcare systems?
Yes, state-sponsored cyberattacks cause serious disruptions to health systems, compromising patient privacy and security.
How can healthcare organizations prepare for cyber threats?
Healthcare organizations must do regular risk assessments, invest in advanced security measures, and use a HIPAA compliant communication platform like Paubox to secure protected health information (PHI).
Additionally, they should train staff on cybersecurity awareness and develop an incident response plan to counter potential cyberattacks.
Learn more: HIPAA Compliant Email: The Definitive Guide
