Bill Overview
Title: Small Businesses Cybersecurity Act
Description: This bill authorizes the Small Business Administration (SBA) to award grants to Small Business Development Centers (SBDCs) to support the cybersecurity needs of the small businesses served by an SBDC. SBDCs provide counseling and training to small businesses, including working with the SBA to develop and provide informational tools to support business start-ups and existing business expansion.
Sponsors: Sen. Hassan, Margaret Wood [D-NH]
Target Audience
Population: Small business operators impacted by cybersecurity concerns
Estimated Size: 10000000
- The bill is specifically targeting small businesses that are served by Small Business Development Centers (SBDCs).
- Small businesses often struggle with cybersecurity challenges due to limited resources, so this legislation aims to provide them with the necessary support.
- There are millions of small businesses globally, with significant concentrations in countries with large economies.
- Each SBDC may serve hundreds to thousands of small businesses, potentially impacting a large number of businesses.
- Globally, small businesses account for a majority of businesses, meaning the potential reach of the bill is extensive.
- Due to the extensive nature of small businesses worldwide, the global estimate accounts for the broad reach of SBDCs.
Reasoning
- This policy focuses on U.S. small businesses that are likely to interact with SBDCs. Given the widespread presence of SBDCs across the country, the potential reach is significant.
- Existing statistics indicate that around one-third to half of U.S. small businesses might be part of this initiative, but budget and scale are major limiting factors.
- Cybersecurity challenges are particularly pronounced among small businesses due to their limited resources and expertise, so additional support could considerably enhance their security posture.
- Well-being measures account for not only business success but also the stress and security concerns of small business operators.
- A diverse range of business types, from tech startups to local service providers, illustrate the varied impact of the policy, dependent on their reliance on digital infrastructure.
Simulated Interviews
Tech Startup Founder (Austin, TX)
Age: 35 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 10.0 years
Commonness: 6/20
Statement of Opinion:
- This policy offers us tools we couldn't afford on our own.
- Cybersecurity has always been a challenge due to financial constraints.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 6 |
| Year 2 | 8 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 9 | 5 |
| Year 10 | 9 | 5 |
| Year 20 | 7 | 4 |
Small Restaurant Owner (Chicago, IL)
Age: 48 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 3.0 years
Commonness: 12/20
Statement of Opinion:
- I don't think cybersecurity is my biggest issue, but it can't hurt to be safer.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 6 | 4 |
| Year 3 | 5 | 4 |
| Year 5 | 4 | 4 |
| Year 10 | 4 | 3 |
| Year 20 | 4 | 3 |
Freelance Web Developer (San Francisco, CA)
Age: 29 | Gender: other
Wellbeing Before Policy: 7
Duration of Impact: 7.0 years
Commonness: 5/20
Statement of Opinion:
- Many clients are small businesses that could use better cybersecurity without added costs.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 6 |
| Year 10 | 7 | 6 |
| Year 20 | 7 | 5 |
Retail Store Owner (New York, NY)
Age: 50 | Gender: female
Wellbeing Before Policy: 4
Duration of Impact: 10.0 years
Commonness: 10/20
Statement of Opinion:
- After experiencing a breach, it's reassuring to have more support available.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 4 |
| Year 2 | 7 | 3 |
| Year 3 | 7 | 3 |
| Year 5 | 8 | 3 |
| Year 10 | 8 | 2 |
| Year 20 | 6 | 2 |
Digital Marketing Agency Owner (Denver, CO)
Age: 39 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 8/20
Statement of Opinion:
- While it's not directly impacting my business needs, safer digital practices are always beneficial.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 6 | 6 |
| Year 5 | 6 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 6 | 4 |
Handmade Crafts Store Owner (Miami, FL)
Age: 61 | Gender: female
Wellbeing Before Policy: 5
Duration of Impact: 20.0 years
Commonness: 11/20
Statement of Opinion:
- As we enter the online arena, having cybersecurity support is a relief.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 7 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 8 | 5 |
| Year 20 | 8 | 4 |
IT Consultant (Seattle, WA)
Age: 44 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 5/20
Statement of Opinion:
- Policies like this increase awareness and are great for my business indirectly. It makes my services more critical.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 6 |
| Year 10 | 9 | 6 |
| Year 20 | 7 | 5 |
Fitness Studio Owner (Los Angeles, CA)
Age: 32 | Gender: female
Wellbeing Before Policy: 5
Duration of Impact: 5.0 years
Commonness: 14/20
Statement of Opinion:
- I didn't consider cybersecurity a priority until now. This is eye-opening.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 4 |
| Year 5 | 6 | 4 |
| Year 10 | 7 | 4 |
| Year 20 | 6 | 3 |
Art Gallery Owner (Phoenix, AZ)
Age: 55 | Gender: other
Wellbeing Before Policy: 4
Duration of Impact: 15.0 years
Commonness: 7/20
Statement of Opinion:
- I need this kind of help to step into the digital world with more confidence.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 4 |
| Year 2 | 6 | 4 |
| Year 3 | 6 | 4 |
| Year 5 | 7 | 3 |
| Year 10 | 8 | 3 |
| Year 20 | 6 | 2 |
Craft Brewery Owner (Boston, MA)
Age: 27 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 3.0 years
Commonness: 9/20
Statement of Opinion:
- It might not directly benefit us yet, but it's good to consider future needs especially as online sales grow.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 6 | 6 |
| Year 5 | 6 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 5 | 4 |
Cost Estimates
Year 1: $500000000 (Low: $400000000, High: $600000000)
Year 2: $525000000 (Low: $420000000, High: $630000000)
Year 3: $550000000 (Low: $440000000, High: $660000000)
Year 5: $600000000 (Low: $480000000, High: $720000000)
Year 10: $0 (Low: $0, High: $0)
Year 100: $0 (Low: $0, High: $0)
Key Considerations
- Scalability of the program to efficiently cover a broad base of small businesses while maintaining effectiveness.
- Capacity of SBDCs to deliver the intended cybersecurity resources and training effectively.
- Cybersecurity threat landscape evolution and its implications for small businesses' safety and operational continuity.