What the Main Street Cybersecurity Act Means for Small Businesses
Dan Levenson December 19, 2017
If you own a small business, you might think you’re immune to cyberattacks. After all, you reason, why would hackers be interested in your business when there are far bigger, more attractive targets for them to focus their efforts on?
The fact is, a substantial portion of cyberattacks target small businesses just like yours. Perhaps it’s because your site houses sensitive customer financial data, like credit card numbers. In some cases, it’s because they can use your site to invade your customers’ computers—and much of the time, it’s simply because these attacks are automated, concerned less with the specific value of a given website than with its vulnerability.
Just the Facts: Small Businesses Are Under Attack
According to data compiled by Small Business Trends, small businesses are just as susceptible to cyberattacks as their big business counterparts. Consider the following metrics, for example:
- 43 percent of all cyberattacks are aimed at small businesses.
- 60 percent of small businesses fold within 6 months of a cyberattack.
- Fewer than 15 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities, and attacks as “highly effective.”
- On average, small businesses spend almost $900,000 after an attack because of damage to or theft of IT assets.
Finally, A Potential Lifeline
Those costs are unsustainable for most small businesses, a problem Congress has finally begun to understand and address. Lawmakers are currently attempting to pass new legislation, the Main Street Cybersecurity Act, whose goal is to give small businesses the tools they need to improve their cybersecurity.
As Republican Senator John Thune (one of the bill’s sponsors) noted recently when discussing the legislation:
“Cyberattacks can have catastrophic effects on small businesses and their customers. This legislation offers important resources, specifically meeting the unique needs of small businesses, to help them guard sensitive data and systems from thieves and hackers.”
Why the Need for New Legislation?
Currently, the National Institute for Standards and Technology (NIST) offers tools to protect businesses, but these are cost-prohibitive for most small companies, and they require highly skilled technicians for implementation—the kind of in-house staff most small businesses don’t have. The new legislation seeks to provide tools and other resources better geared to the needs of small and medium-size businesses.
What Does the Main Street Cybersecurity Act Do?
The new legislation will leave in place the National Institute for Standards and Technology, which will continue to offer businesses tools and resources to increase cybersecurity. If the bill passes, however, NIST will be specifically directed to focus to a much larger extent on the cyber needs of small businesses, providing them with tools customized to their needs and budgets.
In addition, the bill will move NIST to expand adoption of the Cybersecurity Framework, intended to help businesses meet their cybersecurity goals. Currently, about 30% of U.S. businesses are using the framework to manage their cybersecurity needs. The goal of the legislation is to move that number to no less than 50% by 2020.
How Will the New Legislation Affect Small Business?
Although it’s not possible to predict the precise impact of the Main Street Cybersecurity Act, should it pass, its goals are clear. Most observers agree that those goals are attainable.
Among other things, the bill will provide educational resources for small businesses. Currently, for example, the problem for many small businesses is the lack of internal staff who have the expertise to implement tools like the Cybersecurity Framework. If passed, the new legislation will provide small businesses with educational resources to simplify the process, likely to include educational videos on the nature of phishing scams, basic information technology “hygiene,” and cybersecurity incident response strategies.
As noted above, the bill also aims to make new resources affordable for all businesses. The hope is that already overworked small business IT teams will be able to harness the power of the new tools without a substantial increase in workload. The bill will provide a wealth of new tools and resources, but businesses will be able to pick and choose only those which they really need and can afford.
Will the Bill Pass?
The current climate in Washington is such that it’s not possible to say if—or when—the proposed legislation will become law. It is important to note, however, that the bill currently has bipartisan support in Congress and is endorsed by the US Chamber of Commerce, increasing the odds that lawmakers will successfully move it through the House and Senate.
Taking the steps necessary to protect your small business from cyberattacks is important to help it succeed—but it’s not the only safeguard. You also need to secure proper insurance coverage and documentation. To learn more about our custom insurance solutions for small businesses in New Jersey and nationwide—solutions which will help your business succeed and grow—contact us today.