With the introduction of the Improving Cybersecurity of Small Organizations Act of 2020 (S. 4731) last week, a bipartisan mix of senators and representatives seek to promote guidance on cybersecurity for small organizations such as businesses, nonprofits and local government agencies.
Among those introducing the bill were U.S. Sens. Jacky Rosen (D-NV) and John Cornyn (R-TX), along with U.S. Reps. Anna Eshoo (D-CA) and John Katko (R-NY). As proposed, the bill would require the Cybersecurity and Infrastructure Agency (CISA) to create guidance that both chronicles and promotes evidence-based cybersecurity policies and controls for small organizations. For promotion, the agency would work alongside the Small Business Association and Department of Commerce.
These other two would have their own requirements under the bill, though. The Secretary of Commerce would have to report to Congress on methods that could incentivize small organizations to improve cybersecurity. Meanwhile, the SBA would have to report on the state of cybersecurity among small businesses every two years.
“Small organizations are increasingly vulnerable to cyber-attacks, and many of them lack the resources to manage complex cyber risks,” Rosen said. “I’m proud to introduce the Improving Cybersecurity of Small Organizations Act of 2020. This bipartisan and bicameral legislation will help protect our nation’s small businesses, nonprofits, and local governments from the growing threat of cyber-attacks and keep our economy and nation safe. I will continue to support forward-thinking legislation that improves America’s digital infrastructure.”
The lawmakers noted that approximately 43 percent of online cyber-attacks are aimed at small businesses. Such attacks regularly cost companies an average of $200,000, threatening the livelihood of small businesses.