Congress Mulls SME Cybersecurity Legislation

Shutterstock

A bill that would encourage SMEs to follow cybersecurity guidelines is making its way through Congress as an addition to existing legislation encouraging the same of large corporates.

Reports this week said the bill, the Main Street Cybersecurity Act, is an update to the existing Cybersecurity Enhancement Act of 2014 and would seek for the National Institute of Standards and Technology to develop a set of voluntary guidelines for small businesses to mitigate and prevent cybersecurity risks.

According to reports, the Senate Committee on Commerce, Science and Transportation discussed the legislation Wednesday (April 5).

“By creating a simple, voluntary cybersecurity framework for small businesses, the Main Street Cybersecurity Act will help them protect their data,” said Senator Maria Cantwell (D-WA). Cantwell is one of five cosponsors of the bill.

Last year the House Small Business Committee heard testimony on the cyber-related threats SMEs face.

Reports also highlighted data to suggest that protecting SMEs against cybersecurity threats is critically needed. CNBC pointed to the 2016 State of SMB Cybersecurity Report, which found that 28 million SMEs aren’t even thinking about cybersecurity.

“Most small business owners don’t think they’re at risk,” said Bryan Seely, a network engineer and teacher of ethical hacking, in an interview with CNBC. “As a result, it’s fair to say they are indeed ill-prepared to safeguard against an attack.”

More recent research from Manta found 87 percent of SMEs feel they aren’t at risk for a cyberattack, while a third don’t have tools to safeguard themselves.

“The general majority of small business owners don’t have an IT person,” said Manta CEO John Swanciger in another interview. “It’s not the first place they spend their money. They’re really relying on themselves to update their software and check for security patches.”

While the Main Street Cybersecurity Act would put out best practices for these small businesses to protect themselves, its unclear if voluntary guidelines would help, considering so many SMEs believe they aren’t at risk in the first place.