Executive Summary
Millions of Americans are targeted with phishing scams, ransomware attacks, and hacks. Worldwide, it’s estimated that more than 600 million attacks occur daily. As society becomes increasingly digitized, these attacks are likely to become more frequent. Every facet of life is dictated by technology, and with Gen-Z representing the first digital natives, that’s only going to continue to be the case. Advancements like AI and quantum computing bring new risks through streamlined mass attacks and less clarity between reality and scams. These technologies offer new pathways to target older computer systems, digesting far more data than any regular computer and using that to exploit weaknesses at an expedited rate. Determining a way to secure these innovations before weaknesses can be exploited is essential to U.S. tech dominance.
Background
In 1986, U.S. federal legislators introduced the first-ever cybercrime bill, the Computer Fraud and Abuse Act amended into the Comprehensive Crime Control Act of 1984. This bill aimed to prosecute hackers and prevent online malfeasance right when the digital world was emerging. Fast forward to today, and the scale of the internet, along with cybercrime, has increased exponentially. Not only is cybercrime more prevalent, but hackers can target more infrastructure than ever before due to integrated technology in every sector of life.
In 2024, 90% of businesses were the target of phishing attacks. Combine that with the fact that 41% of ransomware attacks start from a simple phishing expedition, there are addressable risks associated with digital innovation. While attacks like Microsoft’s SharePoint hack do demonstrate the high skill associated with ransomware, most aren’t as complicated. The attack on the Colonial Pipeline, which delivered oil and gas from Houston to the port of New York, was initiated from a leaked password. Corporate giants like Target, Sony, and Google have also fallen to this exact scam. In order to usher in new technological developments, we must ensure that protections advance with our society.
Challenge
And to complicate matters further, attacks on U.S. soil are perpetrated from across the globe. Bad actors internationally can target anything from small businesses to the federal government, and yet there’s little recourse for U.S. law enforcement. Most attacks can be traced to countries like Russia, Iran, North Korea, and China, who do not extradite their citizens. Estimations show that only 3 in every 1000 cybercrime cases lead to an arrest. The best that the U.S. government can do is track down and recoup possible financial losses and attribution. Simply put, they can figure out who did it and get some of the company's now devalued cryptocurrency ransom back.
In addition, the tech landscape continues to evolve as quantum computing has thrown a wrench into an already difficult situation. Quantum computing's power to solve problems concurrently and at exponentially faster rates than normal computers has raised flags as to how it could be weaponized. Giving hackers the ability to work faster would be disastrous, which is why organizations like the Banking Policy Institute have begun to insist that companies innovate to find digital algorithms that are resilient to quantum threats. Federal policies need to reflect current and future advancements in cybercrime to ensure that these technologies don’t harm more than they help the general public.
Solution
To address these concerns, the U.S. needs stronger cybersecurity laws that address the gaps in the CFAA and other cybersecurity legislative measures, along with a more expansive mitigation strategy for agencies like CISA. While it will continue to be near-impossible to prosecute individuals for cybercrimes outside the U.S., it is vital that tech-reliant entities like hospitals and power plants have the necessary defenses to combat the onslaught of hacks that are attempted on them daily. Along with a more robust cybersecurity system, the federal government's ability to lessen the impact that successful attacks can have is crucial. The next battlefield is going to be in cyberspace, and Gen-Z cannot afford to fall victim to attacks on every aspect of their lives this frequently. Ensuring technological resiliency now is the first step in building a stronger society for the next generation.
Policy Recommendation
ZETA is pushing for legislation within the 119th Congress that coordinates public and private sector responses to major cyber attacks, and building a strong cybersecurity workforce. This includes support for bills such as the Widespread Information Management for the Welfare of Infrastructure and Government (WIMWIG) Act, and the Cyber PIVOTT Act of 2025. WIMWIG reauthorizes the Cybersecurity Act of 2015, which is set to sunset on September 30, 2025. The Cyber PIVOTT Act offers scholarship programs to students, who then are placed in holes in the workforce. These together exemplify the tenets of cyber protection and development. Finally, ZETA advocates for the adoption of cyber-based education that raises public awareness of common phishing strategies.
With this platform, policymakers can be sure that they enter a future protected from threats bound to materialize from expansive technological advancements. ZETA promotes legislation that will allow the U.S. to innovate while addressing the digital dangers posed by adversaries.
