Update: The Senate passed the Main Street Cybersecurity Act on Sept. 28. The new legislation, which requires the federal government to provide improved access to tools that protect small businesses from cyber threats, passed by unanimous consent in the wake of the recent Equifax hack.
A bill designed to protect small businesses from phishing attacks, fraudulent activity and other forms of cybersecurity breaches advanced in the Senate Wednesday. Small businesses have increasingly become the targets of cyberattacks, according to the 2016 State of SMB Cybersecurity Report. Hackers have breached half of all U.S. small businesses in the last 12 months, and this new legislation would boost resources to help small-business owners guard against such threats.
Introduced last week, the Main Street Cybersecurity Act would give small businesses better access to information and resources from the National Institute of Standards and Technology (NIST) cybersecurity framework. The bill is backed by the U.S. Chamber of Commerce and the National Small Business Association. Piggybacking on the Cybersecurity Enhancement Act of 2014, which calls for the NIST to provide a set of cybersecurity guidelines for big businesses to follow, the new Main Street legislation would provide similar, simplified guidelines for small businesses.
“Cyberattacks can have catastrophic effects on small businesses and their customers,” said Sen. John Thune (R-S.D.). “This legislation offers important resources, specifically meeting the unique needs of small businesses, to help them guard sensitive data and systems from thieves and hackers.”
In spite of the number of recent security breaches, 87 percent of small-business owners don’t feel they are at risk for an attack, according to a Manta survey published last month. The report shows that one-third of small business owners have no IT security controls, such as data-encryption tools, firewalls and antivirus software, in place. A study by the U.S. Securities and Exchange Committee reveals that 60 percent of small businesses that suffer a cybersecurity attack go out of business within six months.
“The general majority of small-business owners don’t have an IT person. It’s not the first place they spend their money,” said John Swanciger, CEO of Manta. “They’re really relying on themselves to update their software and check for security patches.”