In recent years, frequent corporate data security incidents have posed a serious threat to national security. Despite the enactment of multiple policies and regulations, data security supervision still faces multiple challenges, including difficulty in problem identification, investigation and evidence collection, and high management costs. Moreover, the profit-seeking nature of enterprises leads to a binary game between government regulation and corporate profit-seeking, further increasing the difficulty of government security supervision. Existing research on the binary game between government and corporate entities is relatively scarce. Therefore, this study adopts a macro perspective with the government playing a leading role, introduces evolutionary game theory, and conducts static and dynamic game analysis. It identifies 10 strategic impact parameters, including regulatory success rate and the probability of third-party reporting, to macroscopically analyze the evolutionary stable state of the game between government regulation and corporate profit-seeking. From the perspective of limited government resources, the study proposes the optimal mechanism for regulating corporate data security. The results reveal that insufficient awareness of third-party participation can lead to a vicious cycle between government and enterprises in adverse states, and the appropriateness of corporate punishment is also crucial. To prevent risks caused by enterprises' neglect of data security, effective punishment from government regulation is needed, as well as reporting and supervision by enterprises or the public on behaviors that neglect data security. Finally, combining the perspective of limited government resources, the study proposes four types of regulatory mechanisms, including collaborative, resource, policy, and information pathways, with a total of 12 regulatory approaches.