Along with myriad other crises that have defined the Biden administration, the United States has also faced unprecedented cyberattacks over the past four years. While Trump will look to address Biden’s security failures at the border and abroad, he will also have to contend with mounting threats to the country’s cybersecurity infrastructure.

The nation saw a flurry of bad cybersecurity headlines just before the new year, with hackers ramping up their activities as Americans checked out for the holidays.

On December 30, the Treasury Department revealed that Chinese hackers had breached the department’s computer firewalls and stolen documents in what the agency described as a “major incident.” Just days later, The Washington Post reported that the Treasury Department was imposing sanctions on Chinese companies involved in hacking operations that “infiltrated around 260,000 internet-connected devices.”

Just a few weeks before that, a White House official shared that at least eight U.S. telecom firms had been impacted by a Chinese hacking campaign. According to The Associated Press, “The U.S. believes that the hackers were able to gain access to communications of senior U.S. government officials and prominent political figures through the hack.”

Every day, Americans have also fallen victim to hacking operations. On December 30, the same day the Treasury Department revealed that it had been hacked, Rhode Island Governor Daniel McKee announced that cybercriminals had released stolen files from RIBridges, a state program that manages Medicaid and Temporary Assistance for Needy Families. These files, containing beneficiary information, were posted on the dark web. McKee was uncertain about which specific files were posted, raising concerns about the potential sale of sensitive health and financial information.

Rhode Islanders are hardly alone. According to research by the University of Maryland, more than 2,200 cyberattacks occur each day in the United States, equating to nearly one attack every 39 seconds.

Two years ago, one in three Americans surveyed by Ipsos reported that they had been victims of online robbery or cybercrime. In 2024, 79 percent of the people polled in a multinational survey, which included Americans, expressed to the same pollster that their primary fear was being hacked.

Moreover, a report from IBM indicates that the United States had the highest average cost of data breaches in 2024 among the 16 countries studied. “The health, financial, industrial, technology, and energy sectors were primary targets, as all contribute to national defense,” one expert in the field told me.

In total, the number of attacks has risen 47 percent under Biden compared to Trump’s first administration. According to the HIPAA Journal, which specializes in health insurance coverage, the number of medical records exposed in cyberattacks surged to 160 million in 2023. In contrast, during Trump’s presidency, the most data hackers accessed was around 40 million records in 2020.

One of the main reasons for the uptick in attacks has been a lackluster response to them under the Biden administration. During a Senate hearing in early December, James Lewis of the Center for Strategic and International Studies described the government’s reaction to cyberattacks, particularly from China, as “a stern lecture and a few strongly worded notes.”

Another witness at that hearing, James Mulvenon, Chief Intelligence Officer at Pamir Consulting, was more specific in his critique. As he explained, in 2022, Biden gutted National Security Presidential Memorandum-13 (NSPM-13), which President Trump had signed in 2018.

Mr. Mulvenon noted that Trump’s memorandum “for the first time lowered the threshold for authorizing offensive cyber operations.” Despite warnings from Republicans and the Cyberspace Solarium Commission, which correctly stated that altering Trump’s directive would signal weakness and undermine the United States’ deterrence power, Biden chose to modify it.

“The current dynamic with China in cyberspace will not change unless a similar, and hopefully even more forward-leaning policy like NSPM-13 is enacted in the new administration,” Mulvenon testified.

While Americans wait for Trump to hopefully enact stronger cybersecurity policies, they can also take basic precautions to improve their “cyber hygiene.”

According to a cybersecurity expert I spoke with who advises the government, the most important thing internet users can do to protect themselves online is create strong login passwords that are unique for each site. He advised creating passwords that are at least 12 characters in length and changing them once a month to make tracking more difficult.

“One should have a dedicated device only for your banking, health insurance, and private email while using another device for social media and email for other non-official reasons, as well as all internet browsing,” he said. “This will make it harder for hackers to access personal data.”

He also said “cookies,” or data websites collect from visitors, should be cleared weekly.

These steps, he emphasized, are even more important with the advent of artificial intelligence, which is already leading to an explosion of online scams and hacking operations.

In an age where everything from saving for retirement to ordering dinner is done online, Americans’ personal information is more vulnerable than ever. Protecting it will take a combined effort of individual common sense and government policies to keep bad actors at bay.

Ben Solis is the pen name of an international affairs journalist, historian, and researcher.