Eshoo, Katko, Rosen, Cornyn Introduce Bill to Bolster Cybersecurity of Small Businesses, Nonprofits, Local Governments

September 25, 2020
Press Release

WASHINGTON, D.C. – Today, Representatives Anna G. Eshoo (D-CA) and John Katko (R-NY) introduced the Improving Cybersecurity of Small Organizations Act, a bipartisan and bicameral bill to help small businesses nonprofits, and local governments implement strong protections against cybersecurity attacks. Senators Jacky Rosen (D-NV) and John Cornyn (R-TX) introduced companion legislation in the U.S. Senate.

The Improving Cybersecurity of Small Organizations Act does the following:

  • Directs the Cybersecurity and Infrastructure Security Agency (CISA) to issue guidance that documents and promotes evidence-based cybersecurity policies and controls for small organizations (i.e., small businesses, nonprofits, and local governments);
  • Requires CISA, the Small Business Administration (SBA), and the Minority Business Development Agency to promote the cybersecurity guidance;
  • Requires the Secretary of Commerce to submit to Congress a report describing methods to incent small organizations to improve their cybersecurity; and
  • Requires the SBA to report on the state of small business cybersecurity every two years.

“Small businesses, small nonprofits, and small local governments can’t afford to hire cybersecurity professionals, yet they are still vulnerable to debilitating cyberattacks,” said Rep. Eshoo. “The Improving Cybersecurity of Small Organizations Act simply requires federal agencies to recommend easy-to-understand and evidence-based guidance that small organizations can adopt to improve their cybersecurity and protect everyone they serve.”

“Today, small businesses, local governments, and regional non-profits are facing growing risks when it comes to cybersecurity. Unfortunately, the guidance that is available is overly complicated or geared toward organizations with greater resources. That’s why, I’m glad to join Rep. Eshoo in introducing the Improving Cybersecurity of Small Organizations Act. This bipartisan bill requires CISA to issue straightforward actions small organizations should take to protect their systems and devices from common cyber threats,” said Rep. Katko.

“Small organizations are increasingly vulnerable to cyber-attacks, and many of them lack the resources to manage complex cyber risks,” said Sen. Rosen. “I’m proud to introduce the Improving Cybersecurity of Small Organizations Act of 2020. This bipartisan and bicameral legislation will help protect our nation’s small businesses, nonprofits, and local governments from the growing threat of cyber-attacks and keep our economy and nation safe. I will continue to support forward-thinking legislation that improves America’s digital infrastructure.”

“Small businesses and local governments face cybersecurity threats just as larger corporations do, and protecting against these risks doesn’t have to break the bank,” said Sen. Cornyn. “This legislation would provide smaller agencies and business owners with guidance on how to keep their information secure and help Congress understand how we can best support them moving forward.”

# # #