The Cybersecurity for Small Business Pilot Program (CRS Report for Congress)
| Release Date |
Aug. 7, 2024 |
| Report Number |
IF12732 |
| Report Type |
In Focus |
| Authors |
Adam G. Levin |
| Source Agency |
Congressional Research Service |
Summary:
Although cybercrimes against large companies often attract
attention, criminals also frequently attack small businesses
online. One 2022 report found that an average employee at
a small business will be the target of 350% more “social
engineering” cyberattacks (where individuals are
manipulated into sharing information) than an employee at
a larger company. Another survey that same year noted that
over 30% of small and mid-size businesses in the United
States lack written plans to respond to cyberattacks. At the
same time, some experts suggest that small businesses may
have less understanding of and resources for cybersecurity
than larger firms.
Since 2022, the U.S. Small Business Administration (SBA)
has operated the Cybersecurity for Small Business Pilot
Program (CSBPP) to help small businesses enhance their
cybersecurity. CSBPP provides grants to states, state
agencies, and entities designated to conduct a state’s
cybersecurity education to fund projects intended to help
small businesses fend off online threats. To date, SBA has
made nine awards worth a total of $9 million through
CSBPP. SBA opened a new round of applications in July
2024 for CSBPP awards for FY2024.
This In Focus discusses the legislative and funding histories
of CSBPP, program eligibility and award information, and
selected issues for Congress.
