Today, technology is present in all business segments. Every organization uses at least some kind of technology to be able to normally function. When talking about critical infrastructure, it is one of the most important infrastructures in any country. Without it, everyday life could not function. There are different definitions of the critical infrastructure sector, but they mostly include water supply, hospitals, electricity, telecommunications and similar organizations. All organizations within these sectors rely more than ever on the application of technology and are therefore susceptible to cyber attacks. Cyber attacks are a growing trend in the world, and this infrastructure is one of the main targets of hackers. Although Croatia is a small country, it is by no means exception when it comes to cyber attacks on critical infrastructure. Cyber attacks can have different consequences for individual organizations. It is mainly about monetary losses, loss of data or discontinuation of normal operation of certain business segments over a period of time. In order to ensure cyber, and therefore information security within different organizations, it is important to implement different types of information controls. Employees are key for every organization and they are often the target of various cyberattacks, i.e. the intermediary in the attack. The aim of this paper is to gain insight into the level of information security awareness among critical infrastructure employees in Croatia. Through the survey questionnaire on which this research is based, an insight will be gained into how all employees of critical infrastructure are familiar with cybersecurity, what is their opinion about it and how they behave in accordance with the rules imposed by the organizations in which they work. Based on these results, the theoretical approach to cybersecurity and the analysis of various attacks, conclusions will be made about the ways in which the cybersecurity of individual organizations can be improved.