USTelecom 2023 Cybersecurity Culture Report


The State of Small and Medium-Sized Critical Infrastructure Enterprises

As we see an increasing number of cybersecurity threats to critical infrastructure around the world, staying vigilant to prevent attacks is a key priority for enterprises, both large and small. Data1 show that smaller enterprises will soon be just as likely to experience a cyberattack as larger enterprises. Thus, cybersecurity culture is a mission-critical component of modern organizational culture. It is grounded in the beliefs and attitudes employees at all levels possess toward the cybersecurity practices of their enterprise, and it manifests in the ownership they take in doing their part to remain vigilant in defense of their enterprise.

Cybersecurity culture is believed to be an accurate predictor of an enterprise’s ability to prepare for and respond with confidence to a cyberattack. To take a closer look, USTelecom surveyed more than 300 small and medium-sized enterprises (SMEs) engaged in critical infrastructure work to gauge their cybersecurity culture and which factors—from IT budgets to specific company practices— have the strongest correlation to mature cybersecurity culture.

Download the Report