Witnesses Note that Nearly 60 Percent of Small Businesses

Will Close Within Six Months after a Cyber Attack

WASHINGTON – House Small Business Healthcare and Technology Subcommittee Chairwoman Renee Ellmers (R-NC) released the following statement from her office in Washington this afternoon:

“For small businesses, a cyber attack can be catastrophic, leaving them paralyzed and unable to recover from the loss of their intellectual property and resources. Unlike larger firms, most small companies cannot afford to purchase security software or hire staff to specifically monitor their security systems, leaving them as an easy target for cyber criminals. In fact, Symantec reports that 40 percent of all targeted cyber attacks were directed at small businesses. Statistics also show that nearly 60 percent of small businesses will close within six months after a cyber attack. Given the fact that small companies are our nation’s best job creators and economic drivers— this is greatly alarming.

“There is no one-size-fits-all solution for combating cyber attacks— it will take partnership from both the public and private sectors to protect against these threats. As Congress moves forward in considering legislation and modernizing cyber security laws, we must ensure that small companies are not burdened with more costly regulations. Congressman Mac Thornberry (R-TX) and our witnesses today provided great insight on what role the federal government should play in helping the private sector combat cyber terrorism, and I am confident this will lead to viable solutions.”

For additional hearing documents, click here.

Notable Witness Quotes:

U.S. Congressman William M. “Mac” Thornberry (R-TX), Chairman of the House Cybersecurity Task Force, said, “The first area the Task Force believes that Congress should act upon is to promote a series of incentives to help raise the level of cyber security generally and increase awareness. Estimates are that 85 percent of threats in cyberspace can be eliminated with proper cyber security “hygiene”… The second area is to address the more sophisticated attacks from large groups and state actors by increasing information sharing between the federal government and private businesses as well as getting companies to share more with each other.” 

David Beam, Senior Vice President of the North Carolina Electric Membership Corporation in Raleigh, NC, said, “The scope of any proposed legislation should be limited to those assets and systems which are realistic targets of a cyber threat and which could have significant impact on the security of the BPS. Casting too wide a net would bring entities like distribution co-ops and other small businesses under potentially very burdensome regulatory requirements with little or no benefit to grid security.”

Michael Kaiser, Executive Director of the National Cyber Security Alliance in Washington, DC, said, “This data shows that we need to not only reach individual small businesses and help them build a better-defended environment, but also that the entire small business ecosystem is at risk… Cybercriminals know, as our data suggests, that small businesses are less defended and more vulnerable.”

Phyllis Schneck, Chief Technology Officer Public Sector at McAfee, Inc. in Reston, VA, said, “[T]here are two schools of thought on the government’s role in achieving a desired outcome: one that posits that regulatory mandates are the best way to incent good behavior (in this case, strong cyber security measures); and, alternatively, one that asserts that positive outcomes are best achieved via positive incentives… However, the heavily regulatory approach would not necessarily make organizations more secure- just more compliant. [P]ositive incentives have a higher probability of success…”

# # #

For more information, please visit Congresswoman Ellmers’ website at www.ellmers.house.gov or call (202) 225-4531.

Follow us on Facebook and on Twitter @RepReneeEllmers

Tom Doheny

Press Secretary

Congresswoman Renee Ellmers R-NC-2

Washington, DC