While small businesses account for more than half of all U.S. sales and jobs, they are a major target of cyberattacks, which have put 60 percent of them out of business within six months of an incident, according to the National Cyber Security Alliance.
New legislation recently introduced by U.S. Rep. Daniel Webster (R-FL) would aim to reduce cybersecurity risks for small businesses by requiring the director of the National Institute of Standards and Technology (NIST) to publish guidance for them within a year of the act’s enactment on identifying, assessing, managing and reducing risks.
“America’s small businesses are the backbone of our economy. As an owner of a multi-generational small business, I understand the importance of equipping and empowering small businesses to tackle challenges so they can grow and prosper,” Webster said.
The use of such guidance would be voluntary, Webster said, and funding to carry out the bill’s requirements would come from regularly authorized NIST appropriations.
The bill would also support a voluntary public-private partnership to reduce risks to critical infrastructure and calls for the development of simplified, off-the-shelf technological resources for use by small businesses, according to text of the bill.
Webster introduced the bipartisan NIST Small Business Cybersecurity Act last week along with cosponsors U.S. Reps. Lamar Smith (R-TX), chairman of the House Science, Space, and Technology Committee; Daniel Lipinski (D-IL); Barbara Comstock (R-VA); Jacky Rosen (D-NV); Randy Hultgren (R-IL); Stephen Knight (R-CA); Darin LaHood (R-IL); Roger Marshall (R-KA); and Bill Posey (R-FL).
Companion bill S. 770 was favorably reported April 5 by the Senate Commerce, Science, and Transportation Committee.