The Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA) component on Monday announced the official beginning of Cybersecurity Awareness Month 2025.
CISA will administer the national campaign throughout the month of October, providing partner agencies and private sector partners with tools and resources to bolster their defenses.
This year’s theme is Building a Cyber Strong America. The campaign will focus on the government entities and small and medium businesses that protect the nation’s critical infrastructure.
“Cybersecurity is a critical theater in defending our homeland,” Homeland Security Secretary Kristi Noem said in a statement. “Every day, bad actors are trying to steal information, sabotage critical infrastructure, and use cyberspace to exploit American citizens.”
“Taking down these threats requires a whole-of-society approach, and the reforms we’ve implemented at CISA have empowered them to work with all of our partners to take down these threats and make America cyber secure again,” she added. “This Cybersecurity Awareness Month is the time for us to continue our efforts to build a cyber strong America.”
CISA is calling on all U.S. small and medium businesses and state, local, tribal, and territorial governments to take basic steps to improve their cybersecurity. These steps include turning on multi-factor authentication (MFA), updating software, requiring strong passwords, and reporting phishing.
Additionally, CISA said organizations can boost their cyber resilience by enabling system logging on their systems, backing up data, and encrypting sensitive information.
“Critical infrastructure – whether in the hands of state and local entities, private businesses, or supply chain partners – is the backbone of our daily lives,” said Madhu Gottumukkala, acting director of CISA. “Whenever it’s disrupted, the effects ripple through communities across America.”
“That’s why this year CISA is prioritizing the security and resilience of small and medium businesses, and state, local, tribal, and territorial government (SLTT) that facilitate the systems and services sustain us every day,” Gottumukkala said. “This includes things like clean water, secure transportation, quality healthcare, secure financial transactions, rapid communications, and more. Together, we must make resilience routine so America stays safe, strong, and secure.”
Organizations can find additional resources, toolkits, and guidance for Cybersecurity Awareness Month 2025 on CISA’s website.