Most of the experts said the biggest threat isn’t, in fact, espionage. First Trump and then Clinton mentioned the need to stop ISIS from recruiting through online channels, but that’s missing the bulk of the point, Lief Morin, president of Key Information Systems, told The VAR Guy. “ISIS is a red herring in the context of cybersecurity. Certainly, the effort to recruit jihadists using a global communication network is a challenge worthy of significant focus, but the broader subject of cybersecurity is a major concern for the entire world.” Morin went on to say that those concerns are similar to those about physical terrorism: our defenses have to work 100 percent of the time, but the attackers only have to succeed once.

Morin and others say the scariest threat we face is to critical infrastructure like healthcare, military operations or utilities. “Of course, cyber-attacks are far more than stealing information,” said Williams. “The real concern is that a skilled adversary might interfere with the automated systems that our lives depend on in the U.S., such as food and water, energy, finance, transportation, government and defense–to name just a few.”

But protecting such assets is not something the government can do on its own. It will require partnerships and synergy with the private sector including the channel, which owns and/or manages a vast amount of the country’s infrastructure. It's a point the candidates largely ignored, much to the frustration of the experts we interviewed.

Some, however, say the government can use its regulatory powers to force the private sector to be more accountable. “With the current state of affairs, the government will be forced to step in and force costly regulation on companies more than ever before, since they are obviously not putting the proper defenses and procedures in place,” says Gates.

John Christly, CISO at remotely-managed security service provider Netsurion, agrees. “If the new president were to mandate that certain protections need to be in place for any corporate entity that stores, processes or handles consumer, financial, healthcare and payment data, it would go a long way towards setting the bar higher than it is now. Sure, we have PCI and HIPAA regulations, but many of those are ‘checkbox’ regulations today that are loosely audited and without real ramifications until after a major breach.”