Tribal Nations Face Growing Cybersecurity Threats

A new report highlighted some of 2025’s most prevalent cybersecurity threats, offering advice on how to reduce vulnerabilities and protect critical systems.Image Source: Shutterstock.com

The latest report from the US Tribal Information Sharing & Analysis Center(Tribal-ISAC) examines how an increasingly complexcybersecurity landscape could challenge Tribal governments and enterprises throughout the United States. The findings highlight how tribes are adapting to these new threats and draw attention to the significant vulnerabilitiesthat remain.

Cybersecurity Investments Are Often Insufficient

While the report highlights growing strategic awareness, uneven operational readinessremains a pressing issue. Most tribal entities conduct their technical operations with small IT teams, with over two-thirds reporting zero or just one dedicated cybersecurity staff member. Funding remains a persistent obstacle, as more than 60%of tribes allocateless than 20%of their IT budgets to security.

According to Tribal-ISAC, most investments focus on technology tools, while staffing, workforce training, and incident planning are often treated as an afterthought. Despite these challenges, momentum is shifting, as73% of respondents expect to increase cybersecurity investment in 2026. However,federal and state resourcescontinue to be underutilized, with 74%of tribes stating they did not receive any grant funding for 2025.

“The findings reflect a cybersecurity landscape at tribes and tribal enterprises that is advancing in strategic intent but still developing in operational execution.”

Thesefiscal challengesmean tribal organizations must rely on their already limited internal budgets for cybersecurity, diminishing the scope of their improvements. Tribes are also grappling with the rapid adoption of AI. Very few have developed clear policies on AI use, potentiallyleaving them vulnerableto mismanagement or exploitation and presenting another risk to data security.

Criminals Continue to Develop New Avenues of Attack

The cybersecurity threat environment has grown particularly hostile. Ransomware attacksremain a pressing issue, with nearlyone-fourthof tribes reporting actionable threats over the previous year. Among those affected, 75%faced ransomware events, and77%refused to pay. While the data revealedsubstantial resilience in the face of such attacks, low reporting levels could mean that some incidents may go undetected or unshared.

Business Email Compromise (BEC) attacks are another significant threat. Criminals increasingly oftenattempt to bypassconventional security controls by using cryptocurrency laundering, AI-generated deepfakes, and even nation-state tactics. According to estimates, since 2013, BEC scams have cost global organizations over $55 billion, revealing the scope of the threat. 

“A proactive, culturally aligned cybersecurity strategy is no longer optional. It is foundational to tribal governance, economic development, and intergovernmental collaboration.”

The report urges tribes to address cybersecurity gaps through a “Resilient by Design” approach that integrates technology, workforce development, and cultural alignment. Tribal-ISAC recommended federal resources such asCISA’s resilience toolkit and the Tribal Cybersecurity Grant Programthat can support tribes in developing their capabilities. However, awareness and upngakeremain inconsistent, requiring consistent investment and executive engagement.