On Wednesday, the House Small Business Committee held a hearing regarding foreign cybercriminals’ impact on small businesses, with four leaders in the field (Jamil Jaffer, Justin Zeefe, Nova Daly and Angela Dingle) as witnesses. They all voiced concern over the heavy targeting of small businesses in cybercrime, with 75 percent of victims of cyber-attacks and data breaches having fewer than 250 employees. This has surfaced as a problem because cyber security has been rapidly increasing in cost – it has quadrupled over the past three years, and is expected to do so again by 2019 – resulting in small businesses being ill-equipped to defend themselves against cybercriminals. An even greater worry is that 60 percent of small businesses close down within six months of a breach. Possibly the most difficult aspect of this issue is the fact that major nations, mainly China and Russia, are actively targeting small businesses, and are unable to be punished for cybercrime.
However, there were some good solutions proposed in the hearing. One of the most repeated suggestions was for small businesses to band together to increase their purchasing power in order to buy cybersecurity services. Another heavily repeated line was to create cybersecurity standards throughout companies and industries. A surprising point was that the federal government needs to enforce its cybersecurity laws more vigorously against hackers. Additionally, the government and businesses, small and large, need to share cyber threat information with “real time and real speed” with the federal government and among themselves – something that the recently enacted Cyber Information Sharing Act (CISA) aims to accomplish.