The US House has approved two bills aimed at improving the cybersecurity of small businesses.
House Approves Cyber Security Awareness Act
The legislation relates to the Small Business Administration (SBA) Cyber Security Awareness Act. The Act requires the SBA to issue an annual report on its cybersecurity capabilities and notify Congress if a cybersecurity breach that could compromise sensitive information had taken place.
According to the Congress website, such reports “must provide an assessment of the SBA’s information technology and cybersecurity infrastructure, a strategy to increase such infrastructure, a detail account of the SBA’s IT equipment that is manufactured by an entity that has its principal place of business in China, and any SBA cybersecurity risk or incident that occurred during the two years prior to the report (including the SBA’s action to respond to or remediate it).”
Cyberattacks Present a Huge Threat to Small Businesses
The legislation had been approved by the House in 2019. However, at the time it failed to be signed into law. Now, in the wake of the devastating COVID-19 pandemic, which has seen small business face escalating cybersecurity threats, the legislation was unanimously passed by a 423-0 vote.
On the passing of the Bill, Jason Crow, one of the House Representatives how sponsored the legislation, said: “Cyberattacks are one of the biggest threats to our economy and small businesses and way of life. This bill would ensure we are doing everything we can to protect the millions of small businesses that the SBA serves and prepare them for 21st century threats.”
Small Business Development Center Training Act
In a separate vote, the House also passed the Small Business Development Center Training Act. The Bill involves the roll-out of a cybersecurity counseling certification program, designed to support Small Business Development Centers with an improved assistance of businesses’ cybersecurity needs.
Noting the vulnerability of small businesses, Andrew Garbarino, a member of the House Homeland Security Committee cyber subcommittee, which sponsored the Cyber Training Act, said:
“Small businesses are targeted because they often lack the resources or technical knowledge needed to implement and maintain cybersecurity defenses.
“This bill combats this by helping Small Business Development Centers become better equipped to assist small businesses with their cybersecurity and cyber strategy needs,” Garbarina added.
Cybersecurity Breaches are a Growing Threat
Multiple studies and reports show that cyberattacks are growing in both frequency and severity, especially against small businesses. Experts predict that cybersecurity attacks will cost businesses more than $5 trillion within the next five years.
The passing of Acts designed to heighten cybersecurity and equip small businesses with the right training and support, is welcome news to small business owners, many of whom operate under a constant threat of being the next victim of a malicious cyber incident.