On October 11, 2017, the House passed a bill that would provide guidance to small businesses on how to deal with cybersecurity issues. The legislation came on the heels of a similar Senate bill that passed just weeks earlier, on September 28.
The NIST Small Business Cybersecurity Act (H.R. 2105) would require the Department of Commerce’s National Institute of Standards and Technology (NIST) to issue voluntary guidelines specifically addressing the needs of the many small businesses across the country. Much like other voluntary guidelines enacted by NIST, the guidance for small businesses would not seek to add regulation, but rather would provide small business owners with a set of best practices to keep themselves safe in the constantly growing cyber world.
According to the bill, small businesses account “for 54 percent of all United States sales and 55 percent of jobs in the United States.” Not only do attacks targeting small and medium businesses account for a high percentage of cyberattacks in the United States, according to the National Cyber Security Alliance, but “[s]ixty percent of small businesses that suffer a cyberattack are out of business within 6 months.”
House sponsor Daniel Webster (R-Fla.), an owner of a multi-generational small business, stated that small businesses “are more susceptible to attacks” because of the limited cybersecurity resources and the “tools they need to prepare for such an event.” (via Bloomberg BNA.) According to Webster, the NIST cybersecurity framework would act to “protect business owners, their employees, and their customer base, all while contributing positively to the economy.”
H.R. 2105 received bipartisan support and passed by a voice vote. The similar Senate bill, the MAIN STREET Cybersecurity Act (S. 770), also received bipartisan support.