With the rapid development of the digital economy, there has been an explosion in the amount of data generated. Data have become a vital resource for nations, just as tangible assets and human capital are crucial factors of production. Consequently, protecting digital security has become paramount. However, the increasing frequency of various data security incidents in recent years has exposed issues such as inadequate platform governance, lack of government regulation, and incomplete digital security governance (DSG) mechanisms. This study aims to create a healthy and open digital ecosystem and proposes a new digital security governance framework. It subdivides traditional government departments into local governments and the central government. Together with third-party platforms, they are analyzed as participants in an evolutionary game. The study examines the evolutionary stability of strategy choices made by each party and explores the relationship between key factors such as negative externalities, data security incident probabilities, and their impacts on strategy selection using numerical simulations. The research findings indicate the following. (1) Key parameters such as implicit benefits, government subsidies, and negative externalities play a significantly positive role in the development of the digital ecosystem. (2) The central government consistently tends towards emergency response, considering the overall societal perspective, as long as it is capable of bearing the costs. (3) Local governments may exhibit free-riding behavior during the governance process. To address this, it is important to increase the willingness of third-party platforms to govern and oversee the participation of local governments, which is an effective way to prevent data crises. The study also identifies different governance models in various environments: (1) a digital security governance model in a stable market environment, involving increased central government intervention and supervision of local governments’ participation; and (2) a digital security governance model in the event of a data crisis, where the central government establishes subsidies that exceed the governance costs of local governments to enhance the willingness of third-party platforms to govern. Finally, recommendations and strategies are presented to enhance the level of digital security governance.