Cybersecurity in U.S. Critical Infrastructure

Discussion Topics

Findings from a summer 2021 CyberRisk Alliance research survey The Critical Infrastructure Resilience and Readiness (CIRR) benchmark scores covered in this report are based on an online CyberRisk Alliance survey conducted from July through September 2021. The survey targeted members of InfraGard a nonprofit organization serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation. In all, 380 respondents from the manufacturing, chemical, healthcare, and financial services sectors responded to questions about how well they can identify and protect against malware and ransomware attacks, as well as their ability to detect and respond to such attacks, and, ultimately, their ability to recover. The survey included specific questions mapped to the five NIST areas (Identify, Protect, Detect, Respond, and Recover). Respondents assessed their progress on a five-point scale in defending their organizations against ransomware or other destructive events. Readiness/resilience scores were then developed for 1) Identifying and Protecting, 2) Detecting and Responding, and 3) Recovering, as well as an overall composite score for each sector based on responses to these survey questions. Download the report here.