A daily onslaught of significant breaches means policymakers are often forced into crisis response. For decades, this has led to an overwhelming focus within the community on tactical issues and relatively less attention on strategic ones. Fortunately, however, policymakers are increasingly considering cyber risk holistically and are attempting to proactively drive systemic changes.

Various U.S. Government agencies have begun to tackle these ecosystem-level challenges through the National Cybersecurity Strategy, Secure-by-Design principles, Memory Safe Language guidance, and software supply chain multi-stakeholder efforts.

In a segment from CrowdStrike, Drew Bagley, Vice President & Counsel of Privacy and Cyber Policy, surveys progress within these initiatives and explain how addressing structural issues like IT concentration risk represents the next frontier in strategic cyber risk mitigation.