The Small Business Administration (SBA) can expect more help fighting future cyberattacks now that President Joe Biden has signed the SBA Cyber Awareness Act.
The bipartisan legislation by Reps. Young Kim (R-Calif.) and Jason Crow (D-Colo.) is expected to strengthen the SBA’s ability to handle and report cyber threats that impact small businesses.
“Our small businesses are three times more likely to be targeted by cybercriminals than larger companies are. And when successful, just one of these attacks can be fatal to the business,” Crow said in a statement.
The new law, signed by Biden on Dec. 22, 2022, will expand cybersecurity operations at the SBA by requiring the agency to notify Congress of future breaches with information about the affected small businesses and how the cyberattack happened.
The agency will be required to issue a report within six months, assessing the agency’s ability to combat cyber threats. This report will include the SBA’s cybersecurity infrastructure, the agency’s strategy to improve protections, and list any incidents of cyber risks at the agency.
The report is required to also include a list of any equipment used by the agency that is manufactured by a company headquartered in China.
“Small businesses are the driving force of [Colorado’s] economy. But for many of our businesses, just one cyber-attack could be crippling,” Crow wrote on Twitter on Dec. 23.
The legislation was approved by the House of Representatives in November 2021.
A report issued earlier this year by Barracuda, a security solutions provider, found that an average employee of a small business with less than 100 employees will experience 350 percent more cyberattacks than an employee of a larger business.
In addition, cybercriminals sent out 3 million messages from 12,000 compromised accounts in 2021, and one in five organizations had an account compromised last year, Barracuda reported.
The legislation directs the energy secretary to create a grant program to “provide financial assistance to graduate students and postdoctoral researchers pursuing certain courses of study relating to cybersecurity and energy infrastructure.”