skip to main content

What is the NIST Cybersecurity Framework?

The US National Institute of Standards and Technology (NIST) Cybersecurity Framework is a guide for how businesses and organizations can reduce and manage cybersecurity risks. This guide explains how you probably already use the NIST framework to protect your own home - and how it can also apply to how you protect your organization.

What do you need to know?

If your organization has access to employee, client and stakeholder data, it's your responsibility to protect it. The NIST framework helps you reduce the risks against your business and data through standards, procedures and business continuity and disaster recovery (BCDR) best practices to give your business the best defense it can have.


How do you protect your house?

Whether you live in an apartment, house, or boat, we're all forced to defend our homes. Following the 5 steps of the NIST framework, you can picture how you must defend your house, literally and figuratively. Cybersecurity and BCDR use it the same way to defend your business.

How to protect your house/business
What valuables do you have?
How do you protect these things?
How do you detect when someone gets in?
How do you respond?
How do you recover?
House Family/Pets Doors/Windows Alarm Police Insurance
House Documents/Valuables Locks Doorbell Camera Weapons Home Home Improvements
Business SIEM Firewalls SOC Mitigation Business Continuity Plan
Business Risk Assessment SASE EDR/MDR Incident Response Backup Solutions


Why should you care?

  • It is expected that a new ransomware attack will occur every two seconds by 2031
  • the estimated mean cost to recover from a ransomware attack is $1.82M in 2023
  • the average downtime for a ransomware attack in 2022 was 24 days
  • over 69% of SMBs admit they are concerned a serious cyber attack could put them out of business
  • 76% of SMBs have been impacted by at least one cybersecurity attack in the last year



Not sure where to start? Contact us for a technology review.




  1. Morgan, Steve. (2023, October 8). “2022 Cybersecurity Almanac: 100 facts, figures, predictions and statistics.” Cybercrime Magazine
  2. Sophos (2023, May), “The State of Ransomware” 2023
  3. Petrosyan, Ani. (2023, August 28). “Global average length of downtime after a ransomware attack 2022.” Statista
  4. ConnectWise, “The State of SMB Cybersecurity in 2022.”
  5. ConnectWise, “The State of SMB Cybersecurity in 2022.”