October 27, 2023 By Jonathan Reed 3 min read

Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety.

How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue.

2004 – 2009: Inaugural year and beyond

This early period emphasized general cybersecurity hygiene, such as using strong passwords, keeping software updated and being cautious about phishing attempts.

For example, in 2005, the National Cybersecurity Alliance emphasized:

  • Protecting personal information, especially when asked for personal data online
  • Using anti-virus software, a firewall and anti-spyware
  • Setting up operating systems and Web browser software properly with regular updates
  • The use of strong passwords or strong authentication technology
  • Backing up important files.

2009 – 2018: Our shared responsibility

In 2009, DHS Secretary Janet Napolitano inaugurated Cybersecurity Awareness Month at an event in Washington, D.C. At the time, Napolitano was the highest-ranking government official to participate in the campaign’s activities. This period emphasized cybersecurity as a shared responsibility involving individuals, businesses and governments.

2010: STOP. THINK. CONNECT. initiative begins

In 2010, the STOP. THINK. CONNECT. initiative was unveiled at that year’s Cybersecurity Awareness Month with a proclamation from President Barack Obama. Continuing to this day, the initiative addresses human behavior online, and for good reason. The most recent Verizon Data Breach Investigations Report reveals the human element continues to be a key driver of 74% of breaches, including social engineering hacks, errors and misuse.

2014: Call for built-in security

In 2014, a new emphasis was placed on building security into information technology products. That year, the National Cybersecurity Alliance stated that security is an essential element of software design, development, testing and maintenance. The goal back then was to engage with stakeholders and educate others about what to do and look for in products.

This theme resonates even more powerfully today, as seen in the current National Cybersecurity Strategy. The strategy proposes new measures and regulations aimed at encouraging secure development practices from software vendors.

2015 – 2019: The era of encryption

The 2015 IBM Cost of a Data Breach report was the first to provide a detailed breakdown of mitigating factors for data breach costs. And from 2015 to 2019, the top two factors held a five-year winning streak. The leading factors during those years were the formation of an incident response (IR) team followed by the extensive use of encryption.

2018: The birth of CISA

In 2018, President Donald Trump signed the Cybersecurity and Infrastructure Security Agency Act of 2018, which established the Cybersecurity and Infrastructure Security Agency (CISA). CISA assists both other government agencies and private sector organizations in addressing cybersecurity issues. CISA now spearheads Cybersecurity Awareness Month efforts, which were previously under the auspices of the National Cybersecurity Alliance.

2019 – 2022: Do Your Part. #BeCyberSmart

During this period, the Do Your Part. #BeCyberSmart campaign was launched. This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.

Over the last decade, ransomware has grown significantly as a security concern. The number of ransomware attacks has increased along with the damage associated with each incident. Security solutions that gained more traction during this period included strategies such as identity and access management (IAM), zero trust and AI-assisted cybersecurity.

2023 and beyond

This year, CISA challenges everyone to help ‘Secure our World’ by adopting four simple steps that everyone can take to stay safe online:

  • Use strong passwords (long, random and unique)
  • Turn on multifactor authentication on all accounts that offer it
  • Recognize and report phishing (“think before you click”)
  • Update software (enable automatic updates and patches).

“As cyber threats become more sophisticated, individuals and families, small and medium businesses and large companies all have an important role to play in keeping our digital world safe and secure,” said CISA Director Jen Easterly. “This Cybersecurity Awareness Month we are asking everyone to do their part to ‘Secure Our World’ by adopting key behaviors that promote online safety and security.”

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today