Small Business Cyberattack Protection Bill Gets Senate OK


Many times big business gains the spotlight while small business can’t seem to get attention. But Congress is working to ensure that small business gets a starring role on the cybersecurity stage.

Recent large-scale cyberattacks, such as the hack of Equifax Inc. that breached the personal data of 145 million consumers, have struck at the core of large corporations. Cybersecurity risks have gained high profile status when it comes to big companies. But small businesses are also tempting targets for hackers and they long for much needed cybersecurity resources. The Senate has moved legislation to plug that need.

Small businesses are the backbone of the U.S. economy-- something numerous members of Congress said in a segment on recent episode of HBO Inc.’s ‘Last Week Tonight.’ There are approximately 28.2 million small businesses in the U.S.that employ half of all workers in the country, according to the Small Business Administration.

Many of these small companies don’t have the necessary resources or technical know-how to tackle the ever-growing cybersecurity risk, Jason Hogg, CEO of Stroz Friedberg and leader of AON Cyber Solutions in New York, has told Bloomberg BNA. 

Additionally, around 50 percent of reported cyberattacks are against companies that make $50 million in revenue or less, Daimon Geopfert, national leader and security and privacy consultant at Risk Advisory Services in Southfield, Mich., said at a recent House Small Businesses Committee hearing.

The MAIN STREET Cybersecurity Act (S. 770) introduced by Sen. Brian Schatz (D-Hawaii), and highlighted in Bloomberg BNA’s Hill Watch, passed the Senate Sept. 28 by unanimous consent. A similar House bill, the NIST Small Business Cybersecurity Act (H.R. 2105) introduced by Rep. Daniel Webster (R-Fla.), has gained bipartisan support. Webster’s bill currently sits in the House Committee on Science, Space and Technology.

The bills would give small businesses increased resources fromthe Department of Homeland Security’s National Institute of Standards and Technology (NIST). Specifically, NIST would publish voluntary small business best practices and guidelines “to help reduce their cybersecurity risks,” according to the Congressional Research Service (CRS). The small businesses cybersecurity materials would need to be: “(1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of implementing small business and sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014,” the CRS bill report said.  

Hill watchers and small business owners will be monitoring closely to see if Congress is able to reach a consensus and provide much needed resources for a crucial segment of the economy that is clamoring for cybersecurity assistance. 

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.