EO 14390 raises stakes for enterprise cybersecurity

Source Domain: www.techtarget.com

For years, federal cybersecurity policy has primarily focused on protecting government systems and critical infrastructure. Executive Order 14390: “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens” signals a broader shift in emphasis. Signed on March 6, 2026, the order reframes cybercrime not only as a national security threat, but also as an economic and societal threat that directly affects citizens, businesses and the digital ecosystem on which they depend.

The executive order lands amid escalating ransomware campaigns, AI-enabled fraud schemes, large-scale phishing operations and financially motivated attacks linked to transnational criminal organizations. Unlike earlier cybersecurity directives that focused heavily on federal modernization, critical infrastructure protection and software supply chain security, EO 14390 emphasizes operational disruption of cybercriminal networks, victim restitution and expanded coordination between government agencies and the private sector.

For enterprise security leaders, the order does not immediately impose a new regulatory framework. However, it signals the direction of federal cyber policy, with greater emphasis on private-sector accountability, expanded information sharing, increased scrutiny of enterprise cyber practices and stronger expectations for cooperation with government-led cyberdefense initiatives.

Skadden, Arps, Slate, Meagher & Flom LLP, in its legal analysis of EO 14390, said that it “is further indication that the Trump administration intends to broaden the role of the private sector in the government’s offense-oriented approach to cyberthreats.”

In practical terms, the order raises an important question for businesses. Is cybersecurity still just an IT risk, or is it becoming a broader legal, operational and governance obligation tied directly to national resilience?