Washington, DC – Today, the House passed the Senate-amended SBA Cyber Awareness Act (H.R. 3462), a bipartisan bill by U.S. Reps. Young Kim (CA-39) and Jason Crow (CO-06) to strengthen the Small Business Administration (SBA)’s cybersecurity capabilities to handle and report cyber threats that impact small businesses. Reps. Kim and Crow serve as Ranking Member and Chair of the Small Business Subcommittee on Innovation, Entrepreneurship and Workforce Development.
The SBA Cyber Awareness Act passed the House in November 2021 and now heads to the president’s desk to be signed into law.
“As a record number of small business owners applied for vital assistance to keep their doors open during COVID-19, SBA’s legacy systems could not keep up, leading to backend crashes, slow portals and a breach of Americans’ personal data. Entrepreneurs need certainty that they can safely use SBA resources available to them,” said Kim. “I applaud the Senate for coming together to pass the SBA Cyber Awareness Act to improve SBA cybersecurity and urge the president to swiftly sign this bill into law. As a member of the Small Business Committee, I will keep working to support our small business owners and make sure taxpayer dollars are allocated as intended.”
“Our small businesses are three times more likely to be targeted by cybercriminals than larger companies are. And when successful, just one of these attacks can be fatal to the business,” said Crow. “I am proud to work with Ranking Member Kim on a bipartisan basis to help protect our small businesses, and honored to deliver this win for the people of Colorado.”
Senate companion legislation (S. 1691) was introduced by Senate Small Business Committee member Marco Rubio (R-FL).
The SBA Cyber Awareness Act would expand cybersecurity operations at the SBA by requiring the SBA to notify Congress of future breaches with information on those affected and how the breach occurred and directing the SBA to issue a report within six months of bill passage assessing the agency’s ability to combat cyber threats. Specifically, the report would disclose:
- The SBA’s cybersecurity infrastructure;
- The SBA’s strategy to improve cybersecurity protections;
- Any equipment used by the SBA and manufactured by a company headquartered in China; and,
- Any incident of cyber risk at the SBA and the agency’s actions to confront it.