In March 2023, the Biden administration proposed the National Cybersecurity Strategy “to secure the full benefits of a safe and secure digital ecosystem for all Americans.”
The plan required private companies to participate in more stringent cyber security measures. It also promised to support the development of a framework for cyber security regulations, and to incentivize private companies to proactively address critical vulnerabilities.
In June 2025, President Trump issued an executive order superseding some cyber-related regulations from not only the Biden but also the Obama administrations. Among other objectives, the new order modifies cyber security requirements federal vendors must meet, though key restrictions on defense contractors remain.
Given the Trump administration’s emphasis on private sector deregulation, it’s unclear as of this writing exactly how much of the National Cybersecurity Strategy will remain in place and in force. As the Brookings Institution notes, “it’s fair to say that [the second Trump administration] is likely to reject those aspects of any strategy that entails more regulation of the private sector.”
However, the Cybersecurity and Infrastructure Security Agency’s (CISA) strategic plan for FY 2024-2026 aligns with the strategy, suggesting it will inform national policy to some degree for the immediate future.
As part of their ongoing efforts to mitigate cyber risk and strengthen their cyber security posture, your business clients need to be aware of how the strategy’s provisions may affect them.
What Businesses Need To Know About the National Cybersecurity Strategy
The 39-page document published in 2023 outlined five “pillars” for improving the nation’s resilience against cyber attacks:
- Pillar 1: Defend Critical Infrastructure
  Expand and modernize cyber security measures in the public and private sectors to better protect critical infrastructure and essential services.
- Pillar 2: Disrupt and Dismantle Threat Actors
  Use all available resources to dismantle malicious cyber actors capable of threatening U.S. national security or public safety.
- Pillar 3: Shape Market Forces To Drive Security and Resilience
  Shift more responsibility to those in the digital ecosystem who are best positioned to mitigate risks, such as large corporations and cyber security software companies.
- Pillar 4: Invest in a Resilient Future
  Invest in more research and development for next-generation technologies to ensure that the U.S. remains at the forefront of innovation in cyber security.
- Pillar 5: Forge International Partnerships to Pursue Shared Goals
  Leverage multinational coalitions and alliances to combat threats to the digital ecosystem.
The strategy also incorporated prior directives increasing cyber security standards for U.S. government agencies and their contractors, as well as pipeline operators and transportation businesses.
Again, how much of this cyber security strategy will remain intact is yet to be seen. For example, the Brookings Institution also notes that the strategy’s aim of holding software companies liable for cyber security lapses “was always a longer-term goal needing congressional action.”
At the same time, the Biden administration built on the first Trump administration’s emphasis on “collaborative defense of the digital ecosystem” and other priorities, and strong cyber security for the government and the nation is a bipartisan issue.
Three Aspects of Cyber Security Your Clients Must Consider
Your business clients should expect that the National Cybersecurity Strategy will affect them. They should take the attention the issue is receiving as an opportunity to evaluate their own strategy, refining and strengthening it as needed.
Here are three key aspects of cyber security you, as their broker and trusted cyber expert, can help them consider:
Assess Vulnerabilities and Risks
What is the first step in cyber security strategy? One must understand the threat landscape and identify operational risks and vulnerabilities. Your business clients must take this step even if the federal government doesn’t ultimately require them to do so.
If for no other reason, it makes sound financial sense. The sooner a business can identify and remedy a cyber security weakness, the less likely it is to incur financial losses from a cyber attack that exploits that weakness.
Your clients must conduct formal vulnerability scans and penetration tests to find exploitable entry points. They’ll also need to properly evaluate third-party vendors and software providers to reduce their exposure to supply chain attacks.
Implement Security Measures
Businesses must implement preventive measures addressing detected supply chain vulnerabilities. These measures may include:
- Providing regular security training for employees
- Incorporating anomaly detection tools
- Patching known exploits
Your clients must also have a comprehensive incident response plan in place to mitigate the damage hacks and data breaches can cause.
The National Cybersecurity Strategy promised to help the private sector by sharing information and providing practical guidance and support for combating cyber threats. Your clients should take full advantage of whatever assistance from federal agencies emerges.
Customize Cyber Security Solutions
No one-size-fits-all business cyber security solution exists. Your clients will almost certainly need to customize their security to meet their specific needs.
However, they’ll still need to implement the basics, such as defense-in-depth or zero-trust access control, patching and update maintenance, and security monitoring.
How ProWriters Can Help Businesses Meet Potential Cyber Regulations
As originally proposed, the National Cybersecurity Strategy would affect businesses in all sectors. Arguably, however, tech companies would shoulder greater responsibility, since the plan holds software companies responsible for hacks.
The strategy could also make the marketplace for Tech E&O Insurance even tougher. Insurance providers are rejecting clients with product or service liabilities that have a history of being hacked due to poor cyber regulations and standards.
Whatever new regulations arise from the plan, if any, carriers are unlikely to ease what they require of those to whom they issue Cyber Insurance policies. Business remains business. Risk remains risk.
Whatever sector your clients are in, you need to know what carriers expect so you can find the policies they need, at appropriate levels and for competitive rates.
Our Digital IQ Comparative Rate Platform lets you research and quote multiple Cyber Insurance policies—as well as E&O, D&O, and EPL Insurance—from leading carriers in mere minutes.
It dramatically streamlines the entire brokering process. Your clients get the protection they need at rates that fit their insurance budgets, and you earn higher commissions than those traditional wholesalers offer.
The Digital IQ Platform is available exclusively to registered ProWriters brokers. To get started, register with ProWriters today.
