The current cybersecurity policy is based on what has been seen over the past 20 years. It must now be changed because the threat has adapted. The way to respond to the threat and, more importantly, the laws and regulations have not been updated, and that is why we are currently at a disadvantage.
On April 19th, 2021. See this statement in context.