Sen. Maggie Hassan, D-N.H., speaks during an Aug. 6, 2020, Senate Homeland Security and Governmental Affairs Committee in Washington. A new bill from Hassan, the Small Business Cybersecurity Act, would set aside millions of dollars in federal grant funding for small business development centers to offer a range of local cybersecurity services. (Photo by Toni Sandys/Pool via Getty Images)

A new Senate bill would send millions of dollars in grant funding to small business centers to train cybersecurity workers and conduct testing and review of business IT environments.

The Small Business Cybersecurity Act, introduced this week by Sen. Maggie Hassan, D-N.H., would authorize $20 million in 2023 and every year thereafter to the Small Business Administration, which would in turn use it to award noncompetitive grants to small business development centers across the country in order to fund a range of cybersecurity programs and resources to small businesses, according to a copy of the bill obtained by SC Media.

Those services could include things like cybersecurity trainings for workers, tabletop exercises, reviews of policies, plans or procedures, penetration testing services, or cybersecurity consultant services.

In a statement, Hassan said the bill drew inspiration in part from the programs offered by the New Hampshire Small Business Development Center, which offers free cybersecurity reviews to businesses with 500 or fewer employees, web-based trainings based on National Institute for Standards and Technology’s Cybersecurity Framework and one-on-one consulting with business advisers around cybersecurity risks.  

“I encourage my colleagues to pass this bill so that Small Business Development Centers in New Hampshire and across the country can keep working to protect small businesses from cyberattacks and help them thrive,” Hassan said.

Small businesses are among the most vulnerable targets to malicious hackers, ransomware groups and other cybercriminal groups. A survey from Intuit of more than 2,000 small- and medium-sized businesses published in April found that 42% of reported their organization has already experienced a cybersecurity breach, while 1 in 5 listed cyberattacks as the biggest threat to their business.

They make up critical parts of the technology supply chain but often lack the financial resources and expertise to dedicate to cybersecurity, two areas the bill is seeking to address. That reality can often throw a wrench into larger efforts by the federal government to raise the baseline level of cybersecurity across the nation, because many such programs require significant investments in human and technical capital.

Hassan’s bill would cap the amount of grant funding that each individual state could draw from depending on their size as determined by the SBA administrator. Smaller states would receive a maximum of $200,000, medium states can receive up to $300,000 and funding to large states would be capped at $400,000.