Nearly 7,800 U.S. critical infrastructure organizations have enrolled in the Cybersecurity and Infrastructure Security Agency's Cyber Hygiene service between August 2022 and August 2024, representing a 201% growth over the same period, according to CyberScoop.
The communications industry logged the highest increase in CyHy enrollment between 2022 and 2024, followed by the emergency services, critical manufacturing, and water and wastewater sectors, the CISA report revealed. Such a spike in CyHy enrollment has also correlated with gains in the agency's six cybersecurity performance goals, most notable of which are the declines in exploitable services and known exploited vulnerability tickets. However, internet-exposed operational technology protocols remained prevalent among critical infrastructure entities, particularly those in the government services and facilities industry. "Overall, CISA initiatives, programs, and products are directly influencing critical infrastructure sector service enrollments and adoption of CPGs. General analysis of CISA data reveals a moderate impact of CPG adoption across critical infrastructure sectors," said the report.
