Eshoo, Timmons Re-Introduce Bipartisan, Bicameral Bill to Improve Cybersecurity of Small Organizations

January 31, 2022
Press Release

WASHINGTON, D.C. – Today Rep. Anna G. Eshoo (D-CA) and William Timmons (R-SC) reintroduced the Improving Cybersecurity of Small Businesses, Nonprofits, and Local Governments Act, bicameral, bipartisan legislation that directs the Cybersecurity and Infrastructure Agency (CISA) to publish recommendations that small businesses, nonprofits, and local governments may employ to improve their cybersecurity.

“Small businesses, small nonprofits, and small local governments can’t afford to hire cybersecurity professionals, but they are still vulnerable to debilitating cyberattacks,” said Eshoo. “I’m proud to introduce this bipartisan, bicameral bill to require federal agencies to recommend easy-to-understand and evidence-based recommendations that small organizations can adopt to improve their cybersecurity and protect everyone they serve.”

“As a small business owner, I know the threats that come with operating in the ever changing cyber-landscape,” said Timmons. “The Improving Cybersecurity of Small Businesses, Nonprofits, and Local Governments Act would recommend best practices, protocols, and systems that organizations can implement to prevent cyber-attacks and keep their data secure. Our bill will help these institutions who are increasingly becoming the targets of cyber-attacks from bad actors foreign and domestic, and I am proud to join Rep. Eshoo in this effort.”


The Improving Cybersecurity of Small Businesses, Nonprofits, and Local Governments Act does the following:

  • Directs CISA to issue guidance that documents and promotes evidence-based cybersecurity policies and controls for small organizations (i.e., small businesses, nonprofits, and local governments);
  • Requires CISA, the Small Business Administration (SBA), and the Minority Business Development Agency to promote the cybersecurity guidance;
  • Requires the Secretary of Commerce to submit to Congress a report describing methods to incentivize small organizations to improve their cybersecurity; and
  • Requires the SBA to report on the state of small business cybersecurity every two years.

The bill text can be found here.

Senators Jacky Rosen (D-NV) and John Cornyn (R-TX) introduced companion legislation in the Senate.