The private sector is struggling to contend with the growing scope, scale, and complexity of cyber risks to corporations’ finances, reputation, and even property. These risks cut across multiple areas of business operations and permeate relationships with suppliers, customers, and third parties. Most governments are by now aware that cyber threats can severely damage and disrupt their economies and infrastructure, and many invest significant effort and resources to confront this danger. Yet virtually all face serious bandwidth limitations in addressing cyber threats to private entities. Concerns over potential escalation or blowback if they pursue or retaliate against foreign hackers, including potential states or proxies, further dampen governments’ enthusiasm for defending the private sector. Furthermore, those governments that seek to address private sector cyber vulnerabilities face serious pushback against onerous regulations and reservations about creating a moral hazard if they assume responsibility for protecting the private sector. These reasons and others have made a governmental solution to this worsening private sector predicament unsatisfactory—a situation that is unlikely to fundamentally change for the foreseeable future.