  • Tom Cummins

Senate Passes Small Business Cybersecurity Act


Cyber + Co., No. 1

The Senate has unanimously passed legislation to provide small businesses with tools to improve their cybersecurity.

The MAIN STREET Cybersecurity Act of 2017 (S. 770) directs NIST to “disseminate clear and concise resources for small business concerns to help reduce their cybersecurity risk.”

The bill now moves to the House where swift passage is expected.

Main Street is Under Cyberattack

There are about 30 million small businesses in the U.S. today, according to SBA figures. These businesses face the same threat landscape as larger organizations, but with far fewer resources.

FireEye, a top cybersecurity firm, observes in its white paper Not Too Small to Matter,

The statistics are clear: a small or midsize business is more likely—not less—to face a cyberattack compared with large enterprises.

For instance, a recent Ponemon Institute study, The 2016 State of SMB Cybersecurity, found:

  • 50% of small and midsized businesses had been breached within the past 12 months.

  • Damage or theft of IT assets cost the company an average of $879,582.

  • In addition, disruption to normal operations cost the company an average of $955,429.

And these figures don’t include the potential civil liability costs for the affected company or the potentially incalculable damage to the business’s reputation.

Moreover, the threat is growing—experts agree that cyberattacks will continue to expand and evolve in the coming years.

The MAIN STREET Cybersecurity Act

Stepping up, on September 28 the Senate unanimously passed legislation to help small businesses guard against this growing threat.

The MAIN STREET Cybersecurity Act of 2017 will provide small businesses with resources from the National Institute of Standards and Technology (NIST). Among other things, NIST will publish best practices and guidelines to help businesses improve their cybersecurity and reduce their risks. Participation will be voluntary.

Under Section 3 of the Act, the resources disseminated by NIST will be:

  • “technology-neutral”

  • “based on international standards to the extent possible”

  • able to “vary with the nature and size of the implementing small business”

  • able to be implemented with commercially available “off-the-shelf” technology

The legislation is co-sponsored by Senators Maria Cantwell (D-WA), James Risch (R-ID), Brian Schatz (D-HI), John Thune (R-SD), and Bill Nelson (D-FL).

“Small businesses drive our economy and help create jobs on Main Streets across America,” Senator Cantwell explained in a statement to Potomac Litigation, continuing:

As cyber-attacks become more commonplace, it is critical that we help them protect their data from very real and imminent threats. By creating a simple, voluntary cybersecurity framework for small businesses, the MAIN STREET Cybersecurity Act will help them protect their data, while focusing on what they do best: serving their customers and creating jobs.

Senator Risch added, “This legislation will help America’s small business owners safeguard against cyber threats and better position them to protect their assets, customers, and employees.”

The legislation now moves to the House. Stay tuned for updates as this legislation advances in the House, as well as for the next installment of Cyber + Co., when we highlight another important cybersecurity resource for small businesses.

About Cyber + Co.

Cyber + Co. is a periodic review of cybersecurity issues relevant to small businesses.

About the Author

Tom Cummins is the founder of Potomac Litigation. He has deep experience assisting clients in some of history’s largest data breaches, as well as a host of other cybersecurity incidents.