WASHINGTON, D.C. – Today, U.S. Senator Jacky Rosen (D-NV), a member of the Senate Committee on Small Business and Entrepreneurship and Homeland Security and Governmental Affairs Committee, announced the introduction of S.4731, the bipartisan and bicameral Improving Cybersecurity of Small Organizations Act of 2020. The bill, introduced alongside Senator John Cornyn (R-TX) and Representatives Anna G. Eshoo (D-CA) and John Katko (R-NY), would require the Cybersecurity and Infrastructure Agency (CISA) to maintain and promote cybersecurity best practices guidance for small organizations, which includes small businesses, small nonprofits, and small governmental agencies.
“Small organizations are increasingly vulnerable to cyber-attacks, and many of them lack the resources to manage complex cyber risks,” said Senator Rosen. “I’m proud to introduce the Improving Cybersecurity of Small Organizations Act of 2020. This bipartisan and bicameral legislation will help protect our nation’s small businesses, nonprofits, and local governments from the growing threat of cyber-attacks and keep our economy and nation safe. I will continue to support forward-thinking legislation that improves America’s digital infrastructure.”
BACKGROUND: An estimated 43% of online cyber-attacks are aimed at small businesses and cost companies an average of $200,000 in damages, putting many small organizations, particularly those with few resources, at risk of going out of business.
Specifically, the bipartisan and bicameral Improving Cybersecurity of Small Organizations Act of 2020 (S.4731):
- Directs the Cybersecurity and Infrastructure Security Agency (CISA) to issue guidance that documents and promotes evidence-based cybersecurity policies and controls for small organizations (i.e., small businesses, nonprofits, and local governments);
- Requires CISA, the Small Business Administration (SBA), and the Department of Commerce to promote the cybersecurity guidance;
- Requires the Secretary of Commerce to submit to Congress a report describing methods to incentivize small organizations to improve their cybersecurity; and
- Requires the SBA to report on the state cybersecurity of small businesses every two years.