Statement: “Protecting Small Businesses from Cyber Attacks: the Cybersecurity Insurance Option”

Jul 26, 2017
STATEMENT
The Honorable Nydia M. Velazquez
Committee on Small Business 
“Protecting Small Businesses from Cyber Attacks: the Cybersecurity Insurance Option”
July 26, 2017, 11:00am
Room 2360 of the Rayburn House Office Building
 
 
The Internet has undoubtedly transformed the way small businesses operate. E-commerce empowers America’s 28 million small businesses a unique opportunity to sell their products not only across the country, but around the world. Unfortunately, for small business owners, when it comes to the health of their businesses, cyber hygiene often falls to the backburner.  
 
The lack of preventive measures can result in hacks and other cyber incidents that have major, and costly, implications for small business and their ability to operate. The topic of this hearing is particularly timely.  If Russia was able to use cyberattacks to penetrate our democratic institutions, by comparison, a small business seems an easy target. 
 
The fact of the matter is there will continue to be cyber threats – from those who would seek to damage our national security, our economic security and our political systems.  And, there will continue to be criminals who seek to profit by stealing sensitive data held by the government or in the private sector.  
 
Cyber criminals have realized small entities are more exposed than larger businesses that have dedicated, in-house IT personnel overseeing their systems and networks.  
 
 In 2016 alone, more than 1.1 billion identities were stolen. This is worrisome – perhaps lethal – for companies that have a reputation of safeguarding their customers’ information and need to maintain their credibility.  
 
Small businesses that lose customer information when their security is breached suffer significant costs – financially and in the loss of customers’ trust. 
 
And, once businesses get compromised, fully recovering from a cyber-attack is extremely difficult – if it’s noticed at all. On average, small businesses that get hacked make the discovery more than 200 days after the attack has occurred.   
 
For the Federal Government, cybersecurity should be a priority.  But the private sector must also stand up to the challenge and complement the existing federal resources. 
 
Given the financial consequences that a cyber-attack may have on small businesses, there is a new industry of insurance providers focused on providing policies to protect them. Yet, there are a number of factors making this an expensive undertaking. 
 
A lack of adequate data underscores the complex nature of creating cyber liability policies for small firms. Also, the type of business, the risk management procedures, and the continually evolving threats make it difficult for the insurers and the small business. 
 
Today’s hearing will help us look at this novel idea and learn what role Congress plays in streamlining such an important insurance product. 
 
I look forward to hearing the challenges small businesses face in selecting a cybersecurity insurance policy and the hurdles insurers must overcome to offer viable and comprehensive cybersecurity insurance solutions. 
 
It is clear from recent events that these issues are not diminishing. If anything, they are growing more important. Cybersecurity concerns – from Russia’s attack on our political institutions to criminal enterprises preying on small businesses– merit our attention more than ever before.