Government Can’t Win the Cyber War Without the Private Sector
SecurityWeek | Archived Apr 16, 2026
Securing national resilience now depends on faster, deeper partnerships with the private sector. The post Government Can’t Win the Cyber War Without the Private Sector appeared first on SecurityWeek.
Cybersecurity is a contest between attackers and defenders. For far too long, governments have been defending their turf alone while attackers frequently target public-sector entities with little to no resistance, launching attacks with national ramifications. Despite rules and regulations meant to establish baseline controls, attacks continue to define a growing threat landscape. The harsh reality is that the threat surface has grown wildly beyond what governments can realistically defend.
The digital infrastructure that governments aim to secure is a product of private companies. There are limits to what the state can secure on its own, which means the focus must shift to closer collaboration with the private sector.
Let’s take a closer look at why an ideal defensive and offensive posture for risk management should entail a more collaborative effort from the government.
Rise in the scale and complexity of cyberthreats
Modern cyberattacks have escalated sharply in cadence, scale, and sophistication. Such attacks do not depend on a single vector. Palo Alto Networks found that 87% of intrusions across 750+ incident response cases targeted multiple attack surfaces, from endpoints and networks to cloud infrastructure, SaaS, apps, and identity. Intrusions spread laterally across connected systems, so defending one layer well isn’t enough when attackers can pivot through multiple access points in the same campaign.
Growing attack surface underpinned by everyday dependencies
Years ago, the attack surface was seen as the organization’s operational perimeter. Today’s attacks have moved beyond this perimeter to include the functional elements of any organization, including cloud platforms, APIs, vendors and managed service providers. These third-party dependencies broaden the attack surface, giving cyber attackers more avenues to exploit. A compromise of a remote support tool enabled attackers to access multiple U.S. Treasury Department offices, an example of how third-party access can become the easiest entry point.
Technology ownership controlled by private entities
There was a time when major technology shifts and advancements were a direct outcome of research funded by different government entities. Examples of that include the origins of the Internet, global positioning systems (GPS), solar energy and many others. But things have changed, and it is the private sector that now drives technological advancements. Critical digital infrastructure is overwhelmingly built and operated by private entities, and the government doesn’t have total control over all its operational levers. This demands a change in thinking, requiring government to partner with the private sector to secure the infrastructure on which a country depends.
Cybercrime has gone industrial and is very persistent
Cybercrime is an industry with different specializations, services, tooling, and repeatable playbooks. And this industry is decentralized, meaning arresting one group doesn’t dent the scale and scope of attacks in general; there is always another group to fill the gap. This is because the underlying incentives remain strong. As a case in point, crypto scams and fraud pulled in roughly $17 billion last year, fueled by a sharp rise in impersonation schemes (up 1,400 percent YoY). In November, a ransomware attack on OnSolve CodeRED forced the emergency-notification platform offline, disrupting alerts used by law enforcement and other public agencies.
Considering cybercrime is the gift that keeps on giving, a coordinated response targeting the entire criminal enterprise model, including its hosting services, identity abuse, laundering pathways and scam infrastructure, is the only way forward. That means getting aggressive offensively rather than continuing to play whack-a-mole.
Geopolitics enters the fray as nation-states use cybercrime
State-enabled cybercrime has become routine and normalized as an instrument of espionage, influence, and strategic disruption. State-sponsored operators showcase not only greater capabilities but also a deeper reach, traversing global platforms, third-party infrastructure, and cross-border supply chains. Organizations are already on high alert, with 64% accounting for geopolitically motivated cyberattacks in their risk mitigation strategies.
“National cyber defense” cannot be purely national in execution. It has to include alliance coordination and cross-border collaboration with private-sector operators that manage key visibility and control points.
The accelerating role of AI as an attack enabler and defender
AI is shrinking attack timelines by roughly 100x. Intrusions that used to unfold over days now play out in minutes. In one in five cases, data is already leaving the environment within the first hour. Organizations are rushing AI systems into production, adding new models, plugins, connectors, and data paths, which widens the attack surface further. Legacy controls weren’t built for that pace or that sprawl. This is why governments can’t solve it alone. The workable path must involve better public–private coordination, where threat intelligence disseminates faster, secure AI patterns are built and shared, and governance is aligned across sectors.
The road ahead is more about building a shared defense paradigm that moves at adversarial speed. Governments can still set the standards of accountability, but improved resilience will only come from stronger public-private coordination, faster inter-agency sharing, secure-by-design AI, and joint disruption of criminal infrastructure across borders.
WRITTEN BY
Steve Durbin
Steve Durbin is Chief Executive of the Information Security Forum, an independent association dedicated to investigating, clarifying, and resolving key issues in information security and risk management by developing best practice methodologies, processes, and solutions that meet the business needs of its members. ISF membership comprises the Fortune 500 and Forbes 2000.