Skip to main content

Cybersecurity: New Cyber Strategy; Cybercrime Executive Order

Long-term policies and near-term priorities

Download the Regulatory Alert

Download PDF

KPMG Regulatory Insights

  • Cyber Strategy: Policies and priorities intended to support American leadership in the digital world in areas such as “finance, innovation and emerging technology, military power, and manufacturing.
  • Combating Cybercrime: Directive to harden financial and digital systems against cyber threats, support victims, and counter attacks through “law enforcement, diplomacy, and potential offensive actions.”
  • Aligning Goals: Key features include government coordination (across federal agencies and between federal and state/local authorities), public-private collaboration (to expand innovation and scale), and engagement with foreign governments (including a focus on enforcement actions and potential for other consequences, where appropriate.)
  • Looking Ahead: Organizations will need strong cybersecurity programs consistent with existing frameworks (e.g., NIST CSF, ISO 27001) to respond to evolving cybercrime risk, including impacts to critical infrastructure, and given the expectation of an increase in public-private collaboration.
March 2026

The Administration has released its "Cyber Strategy for America" (Cyber Strategy) and issued an Executive Order, entitled “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens”. Together, these actions outline the Administration’s intended approach to cybersecurity, aligning high‑level strategic policies and priorities with near‑term operational directives.

The Cyber Strategy provides overarching policy architecture, while the Executive Order establishes immediate priorities for interagency coordination, enforcement, and international cooperation.

Cyber Strategy

The Cyber Strategy articulates the Administration’s long‑term direction for federal cybersecurity policy. It frames cybersecurity as integral to national security and economic competitiveness and emphasizes coordinated action across federal agencies and the private sector. The strategy is organized around six policy pillars that collectively address deterrence, regulatory approach, network security, infrastructure resilience, technological leadership, and workforce development.

Strategy Policy Pillar

Details

Shape Adversary Behavior

  • Emphasize deterrence through the full range of U.S. government cyber capabilities (offensive and defensive)
  • Incentivize private‑sector identification and disruption of malicious actors and adversary networks to scale national capabilities

Promote “Common Sense” Regulation

  • Streamline data and cybersecurity regulations with alignment across regulators and industries
  • Focus on liability and privacy protection

Modernize and Secure Federal Government Networks

  • Implement cybersecurity best practices, zero‑trust architectures, post‑quantum cryptography, and cloud transition
  • Adopt AI‑enabled security tools, and reform procurement to facilitate access to advanced technologies
  • Elevate cyber in public and private leadership

Secure Critical Infrastructure

  • Identify, prioritize, and harden critical infrastructure and related supply chains for defense and adjacent vendors, companies, networks, and services
  • Key sectors include:
    • Energy
    • Financial services
    • Telecommunications
    • Data centers
    • Water utilities
    • Healthcare
  • Promote and employ US technologies; reduce reliance on adversary‑linked vendors
  • State, local, Tribal, and territorial (SLTT) authorities to complement, not substitute for, national cybersecurity efforts

Sustain Superiority in Critical and Emerging Technologies

  • Emphasize critical emerging technologies, including:
    • AI (including data centers, AI-enabled cyber tools)
    • Quantum computing technologies
    • Cryptography (including quantum cryptography)
    • Digital asset infrastructure (including blockchain)
  • Promote security‑by‑design principles across emerging technologies (including generative AI and agentic AI)

Build Talent and Capacity

  • Reconcile cyber-related education and training to promote a talent pipeline across academia, technical/vocational schools, corporations, and venture capital
  • Align incentives across industry, academia, government, and the military to develop a stronger and more integrated cybersecurity workforce pipeline (across industries and occupations)

Executive Order on Combating Cybercrime

The Executive Order focuses on near‑term operational measures to counter cyber‑enabled fraud, ransomware, extortion, and related predatory schemes, particularly those conducted by transnational criminal organizations (TCOs). It emphasizes coordination across federal agencies, engagement with the private sector, and use of diplomatic and enforcement tools.

Executive Order Key Areas

Details

Interagency coordination

Directs:

  • Establishment of a coordination cell within the National Coordination Center (NCC)
  • Detection, disruption, dismantlement, and deterrence of cyber-enabled criminal activity targeting U.S. persons, businesses, and critical infrastructure

Strategic review and action planning

Initial efforts include:

  • 60‑day review of operational, technical, diplomatic, and regulatory tools for combating transnational cybercrime
  • 120‑day action plan identifying responsible criminal networks and potential disruption measures

Public-private collaboration

Encourages:

  • Use of threat intelligence, technical capabilities, and operational insights from commercial cybersecurity firms as support for attribution and disruption of malicious actors

Enforcement and restitution

Demands:

  • Diplomatic engagement with foreign governments to pursue enforcement actions against cybercriminal organizations
  • Department of Justice recommendations on establishing a Victim Restoration Program to return seized or forfeited funds to victims

 

Agency responsibilities to implement the Executive Order are assigned as follows:

Agency/Official

Responsibility

Deadline

Interagency:

  • Secretary of State
  • Secretary of the Treasury
  • Secretary of War  
  • Attorney General
  • Secretary of Homeland Security

In consultation with the Office of the National Cyber Director and the Assistant to the President and Homeland Security Adviser (APHSA):

Combat TCOs through review of, and identification of improvements to, existing operational, technical, diplomatic, and regulatory frameworks  

60 days

Submit an action plan:
  • Identifying TCOs responsible for scam centers and cybercrime
  • Proposing solutions to prevent, disrupt, investigate, and dismantle these organizations
  • Providing for the creation of an operational cell within the NCC to coordinate federal efforts
  • Describing engagement with public companies/resources

120 days

Attorney General

Prioritize prosecutions of cyber-enabled fraud

Ongoing

Recommend through APHSA a Victim Restoration Program for cybercrime, fraud, and predatory schemes

90 days

Secretary of Homeland Security

Acting through CISA in partnership with NCC, support SLTT (state, local, Tribal and territorial government) partners with training, technical assistance, and resilience building

Ongoing

Secretary of State

Engage foreign governments

Ongoing

Apply consequences for non-cooperation, including:

  • Foreign assistance limitations
  • Targeted sanctions
  • Visa restrictions
  • Trade penalties
  • Where appropriate, expulsion from the U.S. of foreign officials and diplomats complicit in cyber-enabled schemes

Ongoing

Dive into our thinking:

Cybersecurity: New Cyber Strategy; Cybercrime Executive Order

Long-term policies and near-term priorities

Download PDF

Explore more

Points of View

Points of View

Insights and analyses of emerging regulatory issues and their impact.

Read more
Regulatory Insights View

Regulatory Insights View

Series covering regulatory trends and emerging topics

Read more

Regulatory Alerts

Quick hitting summaries of specific regulatory developments and their impact.

Read more

Subscribe to receive regulatory and compliance transformation insights

By registering you will periodically receive additional compliance-related communications from KPMG.

Subscribe

Thank you

You are now subscribed to receive Regulatory and Compliance Transformation insights and will receive a confirmation email in your inbox.

Subscribe to receive regulatory and compliance transformation insights

By registering you will periodically receive additional compliance-related communications from KPMG.

All fields with an asterisk (*) are required.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred.

Meet our team

Image of Laura Byerly
Laura Byerly
Managing Director, KPMG Regulatory Insights, KPMG LLP
Read bio
Image of Michael Isensee
Michael Isensee
Partner, Advisory, KPMG US
Read bio
Image of Matthew P. Miller
Matthew P. Miller
Principal, Advisory, Cyber Security Services, KPMG US
Read bio
Image of Laura Byerly
Laura Byerly
Managing Director, KPMG Regulatory Insights, KPMG LLP
Read bio
Image of Michael Isensee
Michael Isensee
Partner, Advisory, KPMG US
Read bio
Image of Matthew P. Miller
Matthew P. Miller
Principal, Advisory, Cyber Security Services, KPMG US
Read bio

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2026 KPMG LLP, a Delaware limited liability partnership, and its subsidiaries are part of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.
All fields with an asterisk (*) are required.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline