On Friday, a bipartisan group of House and Senate lawmakers introduced legislation focused on helping small businesses, nonprofits and local governments defend against cyber attacks.
Quoting from The Hill:
The Improving Cybersecurity of Small Organizations Act would require the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to develop and issue guidance on cybersecurity policies for small businesses, nonprofits and local governments.
Both CISA and the Small Business Administration (SBA) would be required to promote the guidance, and the SBA would additionally be required to issue a report on the state of small business cybersecurity every two years.
The work output is guidance that documents and promotes policies and controls, the promotion of that guidance, a report to Congress describing the incentives to small organizations to improve their security, and a state of small business cybersecurity report every two years from the SBA.
Why do we care?
I’ve been saying more regulation is coming, and it’s starting. Here’s the documentation of policies and procedures, and that report on the current status.
Anyone believe this is the last step? If we believe you can’t manage what you don’t measure, here’s the measuring. The SBA will now be measuring the state of the market.
There’s an obvious opportunity to plug in here – someone’s going to win that work to consult – but also the ability to influence. I have been discussing the idea of those state-level associations – here’s a way to get those involved as well.
Some enterprising providers are going to lead the way here.
Source: The Hill