President Trump Issues Executive Order Targeting Cybercrime: What Businesses Should Know

President Trump has issued a broad executive order aimed at confronting the growing threat of cyber‑enabled crime, signaling a more aggressive, national‑security‑oriented approach than prior federal efforts. The order—released alongside the administration’s “Cyber Strategy for America”—focuses on dismantling transnational criminal organizations responsible for ransomware, financial fraud, phishing, extortion, and related cyber schemes. Although the order does not impose new legal requirements on private companies, it foreshadows increased government engagement with the private sector and heightened enforcement expectations across several industries.

A Shift in Focus: Cybercrime as a National Security Threat

The executive order frames cybercrime not merely as a law‑enforcement problem, but as a national security issue driven by organized criminal networks operating abroad, often with the knowledge or tacit support of foreign governments. Unlike earlier approaches that emphasized software vulnerabilities and critical infrastructure protections, this order targets the criminal enterprises themselves, including scam operations, ransomware groups, and fraud networks exploiting U.S. individuals and companies.

The administration has directed multiple cabinet‑level agencies to treat cybercrime as a coordinated threat requiring diplomatic, regulatory, intelligence, and prosecutorial responses—an approach consistent with other recent initiatives that apply counter‑terrorism‑style tools to organized criminal activity.

Key Elements of the Executive Order

Within 60 days, senior officials from the Departments of State, Treasury, Defense, Homeland Security, and Justice—working with the Office of the National Cyber Director—must conduct a comprehensive review of existing frameworks used to combat cyber‑enabled crime. Within 120 days, the group must deliver a coordinated action plan to the President identifying priority criminal organizations and proposing strategies to disrupt, investigate, and dismantle them.

For businesses, this process is significant because it may generate new voluntary frameworks, changes in enforcement priorities, or requests for cooperation once specific threat actors and sectors are identified.

The order mandates creation of an “operational cell” within the National Coordination Center (NCC) to serve as a central hub for federal cybercrime response. This cell is charged with improving real‑time coordination, intelligence sharing, and rapid reaction across agencies when cyber‑enabled criminal activity affects U.S. persons, companies, or critical infrastructure. Importantly, the operational cell is explicitly directed to engage the private sector where appropriate. This suggests that technology companies, cybersecurity firms, financial institutions, payment processors, and cloud providers may face more frequent requests for technical insights, indicators of compromise, or cooperation in active investigations.

The operational cell is also directed to work closely with DHS and CISA leadership to support state, local, tribal, and territorial entities—particularly by sharing threat intelligence and strengthening defenses against exploitation by cybercriminal organizations.

Expanded Prosecution Priorities

The executive order instructs the Department of Justice to continue and intensify prosecutions involving cyber‑enabled fraud, scam centers, sextortion operations, and related activity. DOJ is encouraged to pursue the most serious available charges, reinforcing the administration’s commitment to aggressive criminal enforcement.

This emphasis may increase scrutiny of companies that operate in sectors adjacent to cybercrime—such as fintech, cryptocurrency, digital advertising, or hosting services—where prosecutors may expect robust detection, monitoring, and cooperation with investigations.

Proposed Victim Restoration Program

The order also directs DOJ to evaluate creation of a Victim Restoration Program, which would return seized or forfeited funds to victims of cyber‑enabled fraud. While recovering assets from overseas criminal networks has historically been difficult, even limited successes could increase victim‑initiated restoration efforts and related litigation.

If implemented, the program may result in additional legal processes involving private entities that helped identify, trace, or freeze illicit funds.

International Pressure and Diplomatic Consequences

On the international front, the order calls for stronger engagement with foreign governments and authorizes consequences for those that fail to act against cybercriminal groups operating within their borders. Potential measures include targeted sanctions, visa restrictions, limitations on foreign assistance, trade penalties, and—in extreme cases—the expulsion of foreign officials implicated in cybercrime activity.

While these tools may be more effective against some jurisdictions than others, they reinforce the administration’s intent to integrate cybercrime enforcement into broader foreign‑policy strategy.

The Cyber Strategy for America: Implications for Regulation

Issued the same day, the administration’s Cyber Strategy for America outlines six high‑level pillars focused on workforce development, infrastructure security, and national cyber capabilities:

1. Shaping Adversary Behavior – a broad promise to counter the spread of surveillance technologies, cybercrime, and intellectual property theft with the express purpose to “create real risk for adversaries who seek to harm [the U.S.] and impose consequences” on threat actors.
2. Promoting Common Sense Regulation – a commitment to “streamline cyber regulations to reduce compliance burdens, address liability, and better align regulators and industry globally” to emphasize Americans’ rights to data privacy.
3. Modernizing and Securing Federal Government Networks – a promise to accelerate federal cybersecurity efforts by implementing “cybersecurity best practices, post-quantum cryptography, zero-trust architecture, and cloud transition,” as well as adopting “AI-powered cybersecurity solutions” and increasing the frequency with which threat actors are investigated.
4. Securing Critical Infrastructure – a broad commitment to secure operational technology supply chains and “move away from adversary vendors and products” for critical infrastructure affecting national security, defense, energy, finance, data centers, utilities, and healthcare.
5. Sustaining Superiority in Critical and Emerging Technologies – a sweeping charge to promote securing cryptocurrencies and blockchain technologies, adopt “post-quantum cryptography and secure quantum computing,” and to “rapidly adopt and promote agentic AI in ways that securely scale network defense and disruption.”
6. Building Talent and Capacity – a focus on “removing roadblocks” to building a skilled cyber workforce and utilizing existing vocational, academic, and technical institutions of education to train the current and next generation of the United States’ cyber professionals.

Of particular importance to industry, the strategy’s approach to regulation explicitly cautions against “checklist‑driven” regulation and emphasizes reducing unnecessary compliance burdens.

Administration officials have suggested that cyber regulations and disclosure regimes will be reviewed to ensure they align with congressional intent and industry realities. Areas of likely scrutiny include the SEC’s 2023 cybersecurity disclosure rule and pending incident‑reporting requirements issued under the Cyber Incident Reporting for Critical Infrastructure Act.

While no immediate changes have been announced, companies should anticipate possible recalibration of federal cyber disclosure expectations.

Although the executive order does not impose direct obligations, it signals increased federal engagement with private companies, particularly those with visibility into cyber threats or financial transactions linked to fraud.

Companies should consider:

• Monitoring developments related to the interagency action plan and NCC operational cell.
• Reviewing incident‑response and threat‑intelligence procedures to ensure readiness for potential federal outreach.
• Assessing information‑sharing policies and contracts, including agreements with cloud providers, cybersecurity vendors, and downstream partners.
• Evaluating exposure to cyber‑enabled fraud, especially in payment, crypto, advertising, and online services.
• Tracking regulatory developments, particularly any revisions to cybersecurity disclosure or incident‑reporting frameworks.
• Allocating executive‑level attention and resources, as the administration has clearly signaled expectations for meaningful private‑sector participation.

Conclusion

President Trump’s cybercrime executive order marks a notable escalation in how the federal government views and addresses cyber‑enabled criminal activity. By combining law enforcement, intelligence, diplomacy, and private‑sector collaboration, the administration is signaling a more forceful and coordinated strategy. Companies should take this moment to reassess their cybersecurity posture, government‑interaction protocols, and compliance readiness, as cybercrime enforcement moves firmly into the national security arena.