Cyber attackers pick on small businesses because they often lack the internal resources or technical knowledge needed to implement and maintain cybersecurity defenses. While there has been some movement by lawmakers to help small businesses build stronger cyber defenses, much more is needed.
To that end, the legislative pot to better support small businesses may be heating up. It took two years but the House has managed to pass legislation to help smaller operations shore up their cyber flanks against escalating threats. The measure, which was first introduced in 2019 but failed, this time around passed by a vote of 423-0.
Legislators also passed a bill that would require counselors at small business development centers to be trained and certified in cybersecurity to better assist small businesses. It passed by 409-14. Both bills were also re-introduced in the Senate last May and call for the Small Business Administration’s (SBA) involvement and oversight.
Each measure could give managed security services providers (MSSPs) and managed service providers (MSPs) that support small businesses more opportunities for further engagement in security breach reporting and training assistance.
Small Business Cybersecurity Legislation: Potential Implications
The SBA Cyber Awareness Act would require the SBA to report to Congress a cybersecurity breach that involves confidential information and inform lawmakers of the agency's cyber capabilities. The Small Business Development Center Cyber Training Act would require small business development centers to have employees certified in cyber strategy counseling for small businesses.
Specifically, the SBA’s report to Congress must include details on:
“Cyberattacks are one of the biggest threats to our economy and small businesses and way of life,” Rep. Jason Crow (D-CO) said ahead of the House vote. He and Young Kim (R-CA) co-sponsored the legislation. “This bill would ensure we are doing everything we can to protect the millions of small businesses that the SBA serves and prepare them for 21st century threats,” Crow said.
The cyber training bill, sponsored by Andrew Garbarino (R-NY), the ranking member on the House Homeland Security Committee cyber subcommittee, will help provide small businesses with the resources they need to create strong cyber defenses, he said. “Nearly 50 percent of cyberattacks are directed at small businesses, which can result in devastating financial, intellectual property, and reputational loss,” Garbarino said. “This bill combats this by helping Small Business Development Centers become better equipped to assist small businesses with their cybersecurity and cyber strategy needs.”
Although not directly referenced by either bill’s sponsors, the Kaseya VSA supply chain cyber attack, which hit some 50 MSPs in early July and spread to hundreds of small businesses, hopefully influenced lawmakers to pay more attention to strengthening those businesses' defenses.
Key U.S. Government Security and CISA Milestones
Along those lines, here are some other actions lawmakers and the Cybersecurity and Infrastructure Security Agency (CISA) have undertaken on behalf of MSPs and small businesses:
Of note, the Small Business Cybersecurity Assistance Act of 2019 was among the many bills that sat unattended by the 116th Congress (2019-2020).