Business executives and former officials are hopeful President Trump will act fast to name senior cyber leaders, lean hard into cyber offensives, and implement policies to advance AI cyber tools.

Why it matters: The small pool of mostly bipartisan D.C. cyber policy leaders is likely to have an outsized role in shaping Trump's cybersecurity policy during his second term.

The big picture: Trump started his presidency this week as the U.S. responds to two major China-backed cyber operations — one that spied on high-ranking politicians through U.S. telecommunications networks and another that breached various offices in the Treasury Department.

• Coming into office, Trump's advisers have made vague pledges to increase their cyber offensive operations.
• But few people seem to know what that means — and the U.S. already conducts these exercises but typically keeps the details under wraps.

Yes, but: The president has yet to name officials to lead the country's top cyber offices or make specific comments on how he plans to respond to these intrusions.

Zoom in: I asked several influential business leaders and former officials to weigh in on what they hope Trump will accomplish on cybersecurity over the next four years.

• Here's what they had to say:

💥 Go big on cyber offense, several readers told me.

• The new administration should "take a real look at how cyber offensive power might be more effectively integrated into the mix of U.S. hard power and soft power tools in the wake of aggressive actions from adversarial nation-states," Andrew Borene, a former senior officer in the Office of the Director of National Intelligence, said.
• "The Trump Administration should also revisit our approach for dealing with nation-state threats in cyberspace, especially given recent events like Salt Typhoon that target our critical infrastructure. This includes stronger deterrence in the first place," said Brandon Pugh, director of cybersecurity and emerging threats at the R Street Institute.
• "We should move from a primarily law enforcement mindset, where the focus is on building cases, to an interdiction mindset, where the focus is on dismantling adversarial networks," Mike McNerney, senior vice president of security at cyber risk company Resilience, said.

🛡️ Don't forget to invest in cyber defense, too, said Kurtis Minder, CEO of ransomware response firm GroupSense.

• "I agree we should be building cyber weapons, but we should also be investing as much, if not more, in cyber defense strategies — and not just for our critical infrastructure, but also for the constituents of the country in general," Minder said.

💰 Set up a tax credit for small and medium-sized businesses to purchase cybersecurity tools, Dror Liwer, co-founder of cyber startup Coro, said.

• "These companies are being crushed by cybersecurity regulations and the constant threat of cybercriminals, yet they often lack the resources to implement adequate protection," Liwer said. "A tax credit for cybersecurity investments will level the playing field and afford [small and medium-sized businesses] the level of protection they deserve."

🤖 Embrace AI's potential for cybersecurity, Marcus Fowler, CEO of Darktrace Federal, told me.

• "This is crucial for countering the growing risk of AI-powered threats and can also uplift stretched security teams," Fowler said. "It will be critical for the next administration to embrace the significant opportunity that AI cybersecurity presents in defending our nation."

🌐 Strengthen State's cyber diplomacy bureau so the relatively new office can "effectively lead U.S. efforts in shaping the international cyber ecosystem," said Chris Cummiskey, an Obama-era Department of Homeland Security undersecretary.

📋 Review and name new critical infrastructure sectors, where appropriate, several leaders said.

• Cybersecurity firm Forescout wants to see the Trump administration designate space systems as a critical infrastructure sector "within the next 60 days," said Alison King, the company's vice president of government affairs.
• Cummiskey added that he wants to see the administration "develop a comprehensive system to identify and prioritize critical entities, with a focus on Systemically Important Entities" — a policy idea that would provide additional resources to sectors deemed most important.

🏛️ Nominate a national cyber director by the end of January, King added.

• The Biden administration didn't nominate its first national cyber director until April 2021.

Editor's note: This newsletter was corrected to reflect that Andrew Borene is a former senior officer in the Office of the Director of National Intelligence (not a former staffer of the National Security Council).

Two-thirds of organizations believe AI and machine learning technologies, including generative AI, will have the biggest impact on cybersecurity in 2025, according to the World Economic Forum's annual global cyber outlook.

Why it matters: Expect companies' IT budgets to align with these concerns.

• That means more money going toward buying AI-enabled cyber defense and building new products to fight AI-enabled cyber threats.

Driving the news: Heads of states and CEOs are gathering at the World Economic Forum this week in Davos, Switzerland, to discuss the globe's top economic issues.

• The forum released its annual global cyber outlook last week ahead of the days-long gathering.

By the numbers: 66% of organizations said in a survey last fall among 321 participants around the world that AI and machine learning will have the most significant impact on their cybersecurity strategies this year.

• 47% of respondents said their main concern is generative AI helping hackers get better at targeting their companies.
• 42% of organizations reported an uptick in phishing and social engineering attacks last year. Experts have warned that chatbots will speed up attackers' ability to launch these attacks.

The big picture: More than two years after the public release of ChatGPT, companies are slowly starting to let their employees make use of AI tools in their day-to-day jobs.

• But that also means that security teams need to find ways to secure these new applications, which bring new risks like data leakage.

Yes, but: 63% of organizations said they do not have any processes in place to assess the security of AI tools before deploying them.

The intrigue: CEOs and their top security leaders have diverging views on which geopolitical cyber risks are most concerning.

• 45% of chief information security officers said they're most concerned about cyberattacks that disrupt their companies' operations — compared with 31% of CEOs who said the same.
• 33% of CEOs are concerned about cyber espionage and loss of sensitive information, compared with 27% of CISOs.

@ D.C.

📲 Trump signed an executive order directing the attorney general to not enforce TikTok's "divest or ban" law for 75 days. (Axios)

🇨🇳 The Treasury Department sanctioned a Chinese national and a China-based cybersecurity company for participating in the Salt Typhoon hacking campaign against U.S. telcos. (CyberScoop)

🏛️ Kristi Noem, Trump's nominee to lead the Department of Homeland Security, said during her confirmation hearing that the Cybersecurity and Infrastructure Security Agency is "far off mission" and should be smaller. (Nextgov)

@ Industry

📈 Identity management company SailPoint has experienced a rise in subscription revenue that has helped the firm narrow its losses, according to new IPO paperwork. (Reuters)

@ Hackers and hacks

🔍 Hewlett Packard Enterprise is investigating hackers' claim that they recently broke into the company's developer environments. (BleepingComputer)

📚 The Toronto school district, the largest in Canada, said the PowerSchool hackers stole 40 years' worth of student data during the recent breach. (TechCrunch)

🚔 The Justice Department confirmed that last month's arrest of a serving U.S. Army soldier was tied to the massive hack of AT&T and Verizon. (Newsweek)

Hobbies are so fun: I've been learning how to make colored clay on the weekends, and I'm really pleased with the results so far.

• Now, if anyone has tips for how to make that vase look more like a cat than a dog, I'm all ears.