In 2025, the Center for Internet Security (CIS) faced one of the most significant tests in our history. Threats across cyber, physical, and information domains continued to rise, even as federal support for U.S. State, Local, Tribal, and Territorial (SLTT) cybersecurity programs came to an end. Public-sector organizations were left with fewer resources at a moment when they needed more. In our 25th year, CIS relied on the mission and experience that have guided us from the beginning to close that gap and protect the communities that depend on us.
CIS ensured no MS‑ISAC member lost access to essential services, covering more than $1 million per month in costs for over 19,000 organizations until a long‑term, member-funded solution was built and offered to public sector organizations nationwide. The SLTT community responded with urgency and commitment. Twelve states chose to support every eligible public-sector entity within their borders, extending MS‑ISAC protection to nearly 28,000 organizations and covering almost 38 percent of U.S. communities.
Across the country, our teams supported SLTTs through every stage of a cyber incident. The CIS Security Operations Center escalated more than 64,000 malicious or suspicious incidents, our Cyber Threat Intelligence team enriched over 126,000 indicators, and our Cyber Incident Response Team resolved 74 cases for organizations facing active threats. Our frontline services — including Albert, MDBR, MDBR+, and the newly launched CIS Managed Detection and Response — strengthened protection for critical infrastructure nationwide. We also significantly expanded awareness of multidimensional threats through broad media coverage of our cyber, physical, and information operations reporting.
Globally, CIS continued to advance cybersecurity best practices. The CIS Critical Security Controls and CIS Benchmarks saw strong growth, and we released Secure by Design: A Guide to Assessing Software Security Practices,, in collaboration with the Software Assurance Forum for Excellence in Code (SAFECode), to help organizations evaluate software security practices more effectively. We expanded the reach of CIS Hardened Images with customers using over 1.28 billion machine hours total across all cloud environments, an almost 5 percent growth year over year. We also launched the CIS SecureSuite Platform, simplifying cybersecurity assessments and helping thousands of members strengthen their security posture.
Our employees were essential to every accomplishment this year. Their dedication to our mission and their own growth reflects the values and culture that define CIS. Employees volunteered over 2,000 hours, supporting 38 nonprofits across the country. They also logged over 21,000 hours of professional development, as CIS invested nearly $900,000 in professional development and tuition assistance for employees.
2025 was a year of challenge, further reaffirming our commitment to our mission. CIS stood with the communities that rely on us and strengthened the foundation of cybersecurity for the future. As we look ahead to the next 25 years, we do so with purpose, confidence, and a shared belief in what we can achieve together.
View the 2025 CIS Year in Review video to learn more.
