The NIST Small Business Cybersecurity Act & What it Means For You


Cybersecurity is a growing concern in the professional world. It’s wrong to think that only big companies and governmental institutions are subject to cyber threats. Hackers can make money by attacking small businesses too, and the number of such attacks is on the rise.

For example, a malicious individual can send you a type of software that blocks access to the digital assets on your computer or network. This is a ransomware attack, meant to make victims pay to regain control of their network. It can be particularly effective because digital information is often vital to a business, regardless of its size.

Awareness of such attacks must be raised among small businesses to eliminate the false, but common, belief that hackers have no reason to attack smaller entities. On May 2nd, 2017, the U.S. House Committee on Science, Space and Technology unanimously passed a bill that’s meant to educate small business owners on the dangers of cyber threats and on how to prevent attacks.

The bill is called the NIST Small Business Cybersecurity Act of 2017, and its main objective is to direct the NIST director and the heads of other federal agencies to disseminate clear guidelines and tools that small businesses can use to identify and manage cybersecurity risks. Moreover, the NIST director and the heads of those federal agencies must make the guidelines available on their government websites. These measures will be paid for with authorized funds within existing budgets.

The bill states clearly that small businesses are not obligated in any way to abide by the measures meant to reduce cybersecurity risks, but it’s certainly in their own interest to do so.

Cyber Liability Insurance

The passage of this bill speaks to the real cyber threats that small businesses are subjected to on a regular basis. Entrepreneurs must not stay passive and should instead adopt a proactive attitude to minimize the potential risks related to cyber attacks.

A simple way to do this is by getting cyber liability insurance that protects the business from both internal (employees) and external (hackers) cyber risks. This type of insurance can cover:

  • Cyber extortion costs (see the above example of a ransomware attack)
  • The loss of business digital assets
  • The financial loss that derives from interrupting business activity due to a cyber attack
  • Employee and non-employee privacy liability (including government-mandated reporting)

Your business could benefit from cyber liability insurance if:

  • it collects and stores payment data digitally
  • it keeps a database of personal information about employees and/or customers
  • its business activity would be heavily disrupted by the loss of access to digital files