Rosen’s Bipartisan Legislation to Improve Cybersecurity of Small Businesses, Nonprofits, and Local Governments Advances Out of Senate Committee

View/Download Video of Senator Rosen’s Remarks HERE

WASHINGTON, DC – Today, the Senate Homeland Security and Governmental Affairs Committee (HSGAC) voted to advance the Improving the Cybersecurity of Small Businesses, Nonprofits, and Local Governments Act, bipartisan legislation introduced by U.S. Senators Jacky Rosen (D-NV) and John Cornyn (R-TX). The legislation requires the Cybersecurity and Infrastructure Agency (CISA) to annually publish and promote recommendations to help small businesses, nonprofits, and local governments implement protections against cybersecurity threats and risks.

“Small businesses, nonprofits, and local governments are increasingly vulnerable to cyberattacks, and many lack the resources to manage complex cyber risks,” said Senator Rosen. “My bipartisan legislation would direct federal agencies to develop commonsense cybersecurity recommendations and provide training for small entities, helping to protect them from the growing threat of cyberattacks. I applaud the committee’s passage of this important legislation, and look forward to the bill advancing in the Senate.”

The Improving the Cybersecurity of Small Businesses, Nonprofits, and Local Governments Act would:

  • Directs the CISA to publish an annual report that documents and promotes evidence-based cybersecurity policies and controls for small entities – defined as small businesses, nonprofits, and local governments;
  • Requires CISA, the Small Business Administration and the Minority Business Development Agency to offer to small entities voluntary training and technical assistance on how to implement the recommendations of the annual cybersecurity report;
  • Directs the Secretary of Commerce to submit to Congress an annual report describing methods to incentivize small entities to improve their cybersecurity including through the adoption of policies, controls, and classes of products and services that have been demonstrated to reduce cybersecurity risk; and
  • Requires the Small Business Administration to report on the state of small business cybersecurity in a biennial report to Congress.

###