The House on Dec. 7 unanimously voted to pass legislation that requires the Small Business Administration (SBA) to improve its cyber defenses; the bill now heads to President Biden’s desk for his signature.
The SBA Cyber Awareness Act – introduced by Reps. Young Kim, R-Calif, and Jason Crow, D-Colo. – would require SBA to develop a cyber strategy, assess the risks of foreign-sourced components that make up part of its IT systems, and report data breaches and other cybersecurity incidents to Congress.
“As a record number of small business owners applied for vital assistance to keep their doors open during COVID-19, SBA’s legacy systems could not keep up, leading to backend crashes, slow portals, and a breach of Americans’ personal data. Entrepreneurs need certainty that they can safely use SBA resources available to them,” Rep. Kim said in a statement.
“Our small businesses are three times more likely to be targeted by cybercriminals than larger companies are. And when successful, just one of these attacks can be fatal to the business,” Rep. Crow added.
Sens. Marco Rubio, R-Fla., Jim Risch, R-Ind., and Bill Cassidy, R-La., introduced similar legislation in 2021 requiring the SBA to be more proactive in protecting data and requiring greater transparency of threats and breaches that occur.
The Senate companion bill would require SBA to issue a report assessing the agency’s ability to combat cyber threats.
The report would include:
- Details of SBA’s cybersecurity infrastructure;
- SBA’s strategy to improve cybersecurity protections;
- any equipment used by the SBA and manufactured by a company headquartered in China; and
- Any cyber risk incident and the agency’s actions to deal with it.