A high-profile nonprofit that helps targets of identity theft is casting a wary eye at the incoming Trump Administration, predicting a reduction in support for the victims of scams and for law enforcement and a hiring boom in the cybercrime market fueled by the growing use of AI by bad actors and lack of broad cybersecurity regulations in the United States.
“As we look toward 2025, the outlook for victims of identity theft, cybercrime and scams is increasingly concerning,” said Eva Velasquez, president of the Identity Theft Resource Center (ITRC). “Anticipated public policy changes and resource reductions could worsen the struggles victims face and leave them with even less support.”
As in other sectors in the United States, many in the cybersecurity field are waiting to see what changes a Trump presidency will bring that will affect an industry that is only growing in importance for businesses, government agencies, and consumers alike.
The predicted reduction in cybersecurity oversight and enforcement by the federal government likely will create significant market opportunities for MSSPs next year and beyond, according to Stephen Kowski, field CTO at SlashNext Email Security+.
“Security service providers should prepare for increased demand as organizations seek expert guidance to protect against sophisticated phishing, business email compromise, and identity-based attacks that exploit regulatory gaps,” Kowski told MSSP Alert. “Private sector security solutions will become even more critical as businesses look to establish consistent protection across state lines and maintain strong security postures regardless of federal policy shifts.”
Looking Forward
Reading the tea leaves of what federal cybersecurity policy will look like in a Trump presidency has become something of a parlor game in the industry, though there seems to be agreement in some areas. One being that there will be fewer regulations and less oversight of industries, a contrast to president Biden’s regulatory efforts.
“At this juncture, it’s fair to say that Trump 2.0 is likely to reject those aspects of any strategy that entails more regulation of the private sector,” Stephanie K. Pell, a Fellow at the Brookings Institute, a Washington D.C. think tank, wrote in a column this week. “A new Trump administration is likely to reject aspects of the Biden administration’s cyber strategies while continuing others.”
Kara Struckman, a program associate with The Wilson Center, and Madison Binder, an intern at the think tank, outlined several areas where Trump likely will make changes, including reducing the responsibilities for CISA – an agency created during the first Trump Administration – and taking a more offensive posture cyber posture.
A Dire Outlook
For the ITRC, the expectation is that things are going to get worse for victims of identity crimes and similar internet scams, writing that priorities under the new administration “are likely to deprioritize critical areas like identity crime prevention, cybercrime enforcement, cybersecurity regulations, and victim assistance funding.
In addition, without strong federal regulations and a shift back toward self-regulation, “sophisticated fraud enterprises will take advantage of inconsistent protections, leading to increased identity crimes and consumer distrust,” the nonprofit wrote. “Businesses will face greater reputational and financial risks due to breaches and fraud that stricter regulatory frameworks would help prevent.”
Turning to MSSPs
If federal support diminishes, organizations will increasingly rely on MSSPs to provide comprehensive security coverage and expertise, Kowski said.
“The anticipated surge in cybercriminal activity, combined with a complex state-by-state regulatory environment, will drive organizations to partner with security providers who can deliver consistent, enterprise-grade protection through advanced threat detection and automated response capabilities,” he said. “MSSPs that offer robust email security, real-time phishing defense, and identity protection will be especially well-positioned to help clients maintain strong security postures during this period of regulatory uncertainty.”
That said, there will be some things that won’t change, including the fact that there will be attacks that organizations will have to respond to and mitigate.
“Generally speaking, the regulatory landscape won’t change much for MSSPs,” John Bambenek, president of Bambenek Consulting, told MSSP Alert. “Companies will still have to manage security events and those that choose to outsource that will still do so. There likely won’t be as much enforcement of specific practices around cyber hygiene or CISO liability for breaches, but companies still know they have security events to manage and no administration saves them from civil liability from their customers or partners.”
