Ellmers Subcommittee Examines Issues Facing Small Businesses in Combating Cyber Terrorism

f t # e
Washington, Dec 1, 2011 | DJ Jordan, Wendy Knox (202.225.5821) | comments

“Statistics also show that nearly 60 percent of small businesses will close within six months after a cyber attack. Given the fact that small companies are our nation’s best job creators and economic drivers— this is greatly alarming.”

WASHINGTON, D.C.— House Small Business Healthcare and Technology Subcommittee Chairman Renee Ellmers (R-NC) today held a subcommittee hearing to examine the issues faced by small businesses in combating cyber security threats, including the role of the federal government and best practice solutions.

“For small businesses, a cyber attack can be catastrophic, leaving them paralyzed and unable to recover from the loss of their intellectual property and resources,” said Ellmers. “Unlike larger firms, most small companies cannot afford to purchase security software or hire staff to specifically monitor their security systems, leaving them as an easy target for cyber criminals. In fact, Symantec reports that 40 percent of all targeted cyber attacks were directed at small businesses. Statistics also show that nearly 60 percent of small businesses will close within six months after a cyber attack. Given the fact that small companies are our nation’s best job creators and economic drivers— this is greatly alarming.

“There is no one-size-fits-all solution for combating cyber attacks— it will take partnership from both the public and private sectors to protect against these threats. As Congress moves forward in considering legislation and modernizing cyber security laws, we must ensure that small companies are not burdened with more costly regulations. Congressman Mac Thornberry (R-TX) and our witnesses today provided great insight on what role the federal government should play in helping the private sector combat cyber terrorism, and I am confident this will lead to viable solutions.”

Fast Facts on Cyber Security:


• In 2010, the average annual cost of cyber attacks to small and medium-sized businesses was $188,242.

• The Office of the National Counterintelligence Executive released a report on October 11, 2011 stating that tens of billions of dollars in trade secrets, intellectual property, and technology are being stolen each year from computer systems in the federal government, corporations and academic institutions.

• U.S. Department of Justice recorded 303,809 cyber security related complaints in 2010. This is an increase of over 1700 percent from the year 2000 (16,838 reported complaints).

For additional hearing documents, click here.

Notable Witness Quotes:

U.S. Congressman William M. “Mac” Thornberry (R-TX), Chairman of the House Cybersecurity Task Force, said, “The first area the Task Force believes that Congress should act upon is to promote a series of incentives to help raise the level of cyber security generally and increase awareness. Estimates are that 85 percent of threats in cyberspace can be eliminated with proper cyber security “hygiene”… The second area is to address the more sophisticated attacks from large groups and state actors by increasing information sharing between the federal government and private businesses as well as getting companies to share more with each other.” 

David Beam, Senior Vice President of the North Carolina Electric Membership Corporation in Raleigh, NC, said, “The scope of any proposed legislation should be limited to those assets and systems which are realistic targets of a cyber threat and which could have significant impact on the security of the BPS. Casting too wide a net would bring entities like distribution co-ops and other small businesses under potentially very burdensome regulatory requirements with little or no benefit to grid security.”

Michael Kaiser, Executive Director of the National Cyber Security Alliance in Washington, DC, said, “[Our] data shows that we need to not only reach individual small businesses and help them build a better-defended environment, but also that the entire small business ecosystem is at risk… Cybercriminals know, as our data suggests, that small businesses are less defended and more vulnerable.”

Phyllis Schneck, Chief Technology Officer Public Sector at McAfee, Inc. in Reston, VA, said, “[T]here are two schools of thought on the government’s role in achieving a desired outcome: one that posits that regulatory mandates are the best way to incent good behavior (in this case, strong cyber security measures); and, alternatively, one that asserts that positive outcomes are best achieved via positive incentives… However, the heavily regulatory approach would not necessarily make organizations more secure- just more compliant. [P]ositive incentives have a higher probability of success…”

f t # e