Bill Overview
Title: Small Business Cyber Training Act of 2022
Description: This bill requires the Small Business Administration to establish a program for certifying at least 5 or 10% of the total number of employees of a small business development center to provide cybersecurity planning assistance to small businesses.
Sponsors: Sen. Rubio, Marco [R-FL]
Target Audience
Population: People associated with small businesses
Estimated Size: 10000000
- Small businesses often have fewer resources and expertise to manage cybersecurity threats.
- The bill specifically aims to enhance cybersecurity assistance provided by small business development centers (SBDCs).
- There are millions of small businesses worldwide who could benefit from improved cybersecurity assistance.
- Small businesses in the U.S. are particularly likely to engage with SBDCs and therefore be impacted by this bill.
Reasoning
- The policy is targeted at small businesses, which means the primary impact zone is within enterprises employing less than 500 people.
- Given the focus on cybersecurity and resources allocated to train staff at SBDCs, small-business owners and employees will likely experience the most benefits.
- The population of interest is tied closely to the concentration of small businesses across the U.S.
- Budget constraints suggest the program must be carefully scoped initially, leading to selection of qualified centers in areas with high concentrations of small businesses.
- Given that some small businesses may already have cybersecurity measures, their immediate gain might be limited.
Simulated Interviews
Owner of a small tech startup (California)
Age: 42 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 10.0 years
Commonness: 4/20
Statement of Opinion:
- I believe this policy could prevent future cyber incidents like the one we faced.
- Having certified experts in nearby business centers would be a great help.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 8 | 7 |
| Year 10 | 9 | 7 |
| Year 20 | 7 | 6 |
Manager at a small retail business (Texas)
Age: 34 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 5.0 years
Commonness: 5/20
Statement of Opinion:
- Getting certified assistance on cybersecurity would help us make informed decisions.
- The policy may relieve some financial burden for cybersecurity investments.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 8 | 6 |
| Year 10 | 8 | 7 |
| Year 20 | 7 | 6 |
Freelance IT consultant (New York)
Age: 50 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 3.0 years
Commonness: 8/20
Statement of Opinion:
- I think this policy could increase demand for my services.
- There's a chance small businesses might rely solely on SBDC-certified people, reducing external consultancy work.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 7 | 7 |
Employee at a small boutique (Florida)
Age: 28 | Gender: female
Wellbeing Before Policy: 5
Duration of Impact: 7.0 years
Commonness: 5/20
Statement of Opinion:
- This policy may lessen my worries about the company’s security measures.
- If our business becomes secure, customers would trust us more.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 7 | 5 |
| Year 5 | 7 | 6 |
| Year 10 | 8 | 6 |
| Year 20 | 6 | 5 |
Co-owner of a small graphics design firm (Illinois)
Age: 39 | Gender: other
Wellbeing Before Policy: 6
Duration of Impact: 10.0 years
Commonness: 3/20
Statement of Opinion:
- Having access to trained cybersecurity experts locally would greatly benefit us.
- This initiative might also inspire more trust among clients.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 8 | 6 |
| Year 3 | 8 | 7 |
| Year 5 | 9 | 7 |
| Year 10 | 9 | 7 |
| Year 20 | 8 | 6 |
Executive director at a local SBDC (Ohio)
Age: 46 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 10.0 years
Commonness: 10/20
Statement of Opinion:
- This policy is a boon for us. We can cater to more businesses with enhanced services.
- I'm hopeful that this will help most small businesses thrive without worrying about cyber threats.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 9 | 8 |
| Year 3 | 9 | 8 |
| Year 5 | 9 | 8 |
| Year 10 | 10 | 9 |
| Year 20 | 9 | 8 |
Owner of a small family restaurant (Georgia)
Age: 53 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 2.0 years
Commonness: 2/20
Statement of Opinion:
- I'm unlikely to use cybersecurity services because my business doesn't rely much on tech.
- However, if needed, it's good to know there are resources available.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 7 | 7 |
| Year 10 | 7 | 7 |
| Year 20 | 6 | 6 |
IT manager at a small law firm (Colorado)
Age: 31 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 6/20
Statement of Opinion:
- Access to SBDC-trained personnel means our firm can boost its cybersecurity without extra hiring.
- It's reassuring to know that help is local and specialized.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 8 | 7 |
| Year 10 | 9 | 8 |
| Year 20 | 7 | 6 |
Retired, former owner of a small retail business (North Carolina)
Age: 63 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 4.0 years
Commonness: 9/20
Statement of Opinion:
- I'm hopeful my mentees will benefit from this policy.
- This initiative could save them from potential cybersecurity pitfalls.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 7 | 7 |
Co-founder of a non-profit for small businesses (Oregon)
Age: 45 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 7.0 years
Commonness: 7/20
Statement of Opinion:
- Our non-profit would greatly benefit by connecting SMEs with certified cybersecurity professionals.
- This initiative aligns with our mission to help small businesses transition into tech-savvy markets.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 9 | 8 |
| Year 2 | 9 | 8 |
| Year 3 | 9 | 8 |
| Year 5 | 9 | 8 |
| Year 10 | 10 | 8 |
| Year 20 | 9 | 8 |
Cost Estimates
Year 1: $5000000 (Low: $4000000, High: $6000000)
Year 2: $5000000 (Low: $4000000, High: $6000000)
Year 3: $5000000 (Low: $4000000, High: $6000000)
Year 5: $5500000 (Low: $4500000, High: $6500000)
Year 10: $6000000 (Low: $5000000, High: $7000000)
Year 100: $10000000 (Low: $8000000, High: $12000000)
Key Considerations
- The cost estimates include ongoing training program operations and maintenance.
- Indirect economic benefits, such as reduced losses from cybercrime, are not directly included in government cost savings but could justify the program's strategic value.
- The long-term cost-effectiveness of improved cybersecurity practices in small businesses may reduce systemic risks to national economic infrastructure.