Cybercrimes often overshadow the smaller, yet significant, threat to small businesses. A 2022 report highlighted that employees at small businesses are 350% more likely to be targeted by social engineering cyberattacks compared to their counterparts at larger firms. Despite this vulnerability, over 30% of small and mid-size businesses in the United States lack formal cyberattack response plans, largely due to limited resources and understanding of cybersecurity.
To address this gap, the U.S. Small Business Administration (SBA) launched the Cybersecurity for Small Business Pilot Program (CSBPP) in 2022. This initiative provides grants to states, state agencies, and designated entities to fund projects aimed at enhancing small business cybersecurity. So far, the SBA has awarded $9 million through nine grants and opened new applications for the fiscal year 2024.
The legislative journey of CSBPP began with the National Defense Authorization Act for Fiscal Year 2017 (FY2017 NDAA), which tasked the SBA and the Department of Homeland Security (DHS) with developing a “Small Business Development Center Cyber Strategy.” This strategy, completed in March 2019, included plans for SBA’s Small Business Development Centers (SBDCs) to leverage federal resources, enhance cybersecurity services, and partner with state and local governments.
Further legislative support came from the Small Business Cyber Training Act of 2022, which mandated the creation of a cyber counseling certification program for SBDC employees. This law ensures that certified counselors provide cybersecurity planning assistance to small businesses. In August 2024, the SBA opened applications for organizations to develop this certification program.
Funding for CSBPP has been consistent, with $3 million appropriations each year since FY2021. Notable awardees include the Forge Institute in Arkansas, Dakota State University, and the state of Maryland. The program encourages collaboration with SBA district offices, SBDC partners, and private organizations to develop comprehensive cybersecurity services for small businesses.
Despite its progress, CSBPP faces scrutiny. Congress may consider evaluating the program’s effectiveness, increasing funding, and expanding the number of awards. There’s also the possibility of additional programs or research focused on small business cybersecurity, updating the 2019 Cyber Strategy, and ensuring its recommendations are fully implemented.
The CSBPP represents a significant step towards securing small businesses against cyber threats. As the program evolves, ongoing legislative and financial support will be crucial in fortifying this vulnerable sector of the economy.
Reference: Congressional Research Service, “The Cybersecurity for Small Business Pilot Program,” August 7, 2024. (IF12732).
Leave a Reply