Growing Vulnerabilities and Cybersecurity Gaps
Cybersecurity in the United States is under increasing strain as the nation faces a rising tide of cyber threats. Key sectors like banking, healthcare, energy, and education are heavily dependent on information technology, much of which remains vulnerable. As technological complexity increases, the risks associated with insecure systems multiply. A stark reminder of these threats came in August, when a massive data breach at National Public Data exposed the Social Security numbers and personal data of millions of Americans. Over the past decade, the number of software vulnerabilities has surged by 29% annually, according to the National Vulnerability Database, signaling an escalating trend.
The rise of malicious AI-driven tools to exploit these vulnerabilities further heightens concerns about the security of critical systems. Despite this, the federal government’s role in U.S. cybersecurity oversight has mainly been limited to offering guidance and using its purchasing power. Unfortunately, these measures have not significantly curbed the growing threat landscape.
Lack of Effective Cybersecurity Oversight and the Growing Cybercrime Cost
Despite claims from private companies that they are strengthening cybersecurity measures, data breaches continue to plague businesses, with little market-driven correction. The public and stock market responses to these breaches have become muted, signaling a lack of accountability. Meanwhile, cybercrime costs in the U.S. skyrocketed to an estimated $320 billion in 2024, marking a staggering increase from previous years.
The Cybersecurity and Infrastructure Security Agency (CISA) has spent substantial time and resources urging software vendors to adopt basic security practices, such as providing Software Bills of Materials (SBOMs). However, these efforts have proven insufficient to halt the breaches. The current approach, relying on voluntary industry self-regulation, is failing to address the scale of the problem and does not provide adequate protection for Americans.
The Need for a New Cybersecurity Regulator
Experts argue that the U.S. needs a more robust regulatory framework to safeguard its cybersecurity, similar to the creation of agencies like the FDA and NHTSA, which protect public health and safety. Public polling indicates that while Americans may be dissatisfied with the federal government, they still want it to take action to protect citizens from cybersecurity risks. A proposed solution is the establishment of a new regulatory body empowered to enforce minimum security standards for private companies that play a critical role in the nation’s infrastructure. This body would need the authority to audit companies, publish findings, impose fines, and even remove unsafe products from the market. These powers are essential for creating real accountability and ensuring that companies uphold the necessary security measures to protect their users. Such a regulatory body could either expand the existing authority of CISA or be a new agency altogether. Regardless of the structure, it is clear that stronger oversight is essential to protect American citizens, businesses, and government entities from the rising tide of cyber threats. Without it, the nation remains vulnerable to increasingly sophisticated cyberattacks.