February 16, 2023
USTelecom’s 2023 Cybersecurity Culture Report
Finds Company Culture Drives Effective Defense Against Attacks
Comms Leads Infrastructure Sectors on Readiness Among Small and Mid-Sized Ventures
WASHINGTON, D.C. – USTelecom | The Broadband Association released the “Cybersecurity Culture Report: The State of Small and Medium-Sized Critical Infrastructure Enterprises Operating in the United States,” which found the strength and maturity of a company’s cybersecurity culture is a powerful indicator of its ability to defend against online attacks.
USTelecom’s survey examines the cybersecurity risks, readiness and realities of small and mid-sized enterprises (SMEs) that own, operate or support U.S. critical infrastructure. The survey asked 374 respondents from small and medium-sized enterprises to assess more than two dozen aspects of their company’s cybersecurity culture—from the practices and beliefs of employees and managers to companywide communications and training.
“As companies of all sizes face growing online threats, a strong cybersecurity culture within small and medium-sized enterprises provides an essential fortress in the defense against attacks,” said Robert Mayer, USTelecom’s senior vice president of cybersecurity and innovation. “Frequent communications, education and training are critical elements of a robust cybersecurity strategy—and can make a significant, often defining difference for ventures large and small.”
With mounting risks from around the globe, data show that smaller enterprises will soon be just as vulnerable to cyberattacks as larger enterprises. Cybersecurity culture refers to the relevant attitudes and beliefs of people within an enterprise and how they translate into employee behavior and a shared sense of responsibility for ensuring the company’s online security.
Among the key findings of the USTelecom survey:
- A strong cybersecurity culture is a reliable predictor of a company’s ability to prevent and respond effectively in the event of an online attack.
- Size is not a prohibitive barrier to strong cybersecurity culture, with 28% of small and medium-sized companies surveyed earning the highest culture rating (mature).
- When it comes to cybersecurity confidence—the ability of employees to know what to do in the face of an attack and for departments to work effectively together—annual revenue is a less reliable indicator than practices that regularly engage all employees.
- Communications leads infrastructure sectors with the most consistently high rankings of a mature cybersecurity culture.
The USTelecom Cybersecurity Culture Index includes four segments—weak, emerging, growing and mature. The report aims to document best practices and help provide insights for small and medium-sized ventures as they prioritize resources and practices in the face of this growing challenge. Among the most important identified approaches—frequent communications with all employees about cybersecurity issues.