Hearing of the House Small Business Committee - Opening Statement of Rep. Blaine Luetkemeyer, Hearing on "Strengthening the Cybersecurity Posture of America's Small Business Community"

Hearing

Today, the House Committee on Small Business is holding a hybrid hearing titled, "Strengthening the Cybersecurity Posture of America's Small Business Community."

Ranking Member Luetkemeyer's opening statement as prepared for delivery:

Thank you, Madam Chairwoman. In preparing for today's hearing, I am reminded of how pervasive the use of the internet and information technology has become in our society and in such a short period of time. We bank online. We work online. And over the past year, we have held many Congressional hearings online. Our growing dependency on constantly evolving information technology is fundamentally altering the way we live, and the way businesses of all sizes operate. Although the benefits springing from the utilization and adoption of new technologies are incalculable, we are forced to contend with a new threat, specifically, the explosive growth of a criminal industry seeking to steal valuable data and manipulate critical systems for financial gain. As the world continues to embrace new technology, we increase the attack surfaces through which cyber criminals can infiltrate and wreak havoc, to devastating effect.

These attacks are not without consequence; the cost of cybercrime is absolutely overwhelming. Experts estimate global damages totaling $6 trillion this year alone, projected to reach a staggering $10.5 trillion annually by 2025. Because small businesses are the intended targets of cyber criminals approximately half of the time, the damage inflicted upon small businesses is catastrophic. These attacks push many to the brink with one in six businesses reporting the financial impact materially threatening the company's future. In addition to the financial costs, many are unable to recover from the loss of their intellectual property, resources, and reputation following a cyberattack.

During my time with this Committee as a Member and now as Ranking Member, I have been privileged to speak with many small businesses in my district and beyond, and I say with certainty that many small businesses do not have the resources, knowledge, and awareness to properly defend against such attacks, which is precisely what makes them attractive targets. Many lack sufficient in-house expertise to deal with these breaches, leaving it up to the small business owners themselves to handle the matter with predictable results. Make no mistake; this is asymmetrical warfare. Cyber criminals expend little effort targeting small businesses that often have fragile to nonexistent cybersecurity defenses, while small businesses must allocate valuable time and precious resources to defend against this faceless enemy.

While attacks against large businesses consistently make front-page news, small businesses must not be disregarded. The new reality is that large organizations are merely sprawling networks of interconnected business partners consisting of all sizes of companies, including small businesses, each a viable vector for attack. And one of the most effective means of shoring up cybersecurity defenses is knowledge. Knowledge is power, and we need to empower small businesses with the tools they need to protect themselves, and by extension, the wider network of businesses and organizations they touch.

A critical component to knowledge is the need for information sharing among the public and private sectors. As fast as cybersecurity systems are established and patched, cyber criminals are already looking for -- and in many cases successfully finding -- new, creative ways to infiltrate an organization's internal networks. Having a robust information sharing system is fundamental for a strong and effective cybersecurity defense, not just for small businesses but for our country as a whole.

Unfortunately, small businesses experience significant resistance to participating in cybersecurity information sharing activities, for a variety of reasons. They may be reluctant to risk exposure to potential legal liabilities resulting from their disclosure and they may harbor doubts regarding the government's ability to adequately protect reported data and privacy information. The federal government recognizes these concerns and has made significant strides toward alleviating these fears; however, these efforts must continue to improve in order to make the most impact on small businesses which drive the digital economy's growth, innovation, and job creation. To that end, there are several pieces of bipartisan legislation introduced by my colleagues on this Committee which attempt to begin resolving some of the issues and reservations small businesses have. I hope we will engage in fruitful dialogue with our witnesses about this legislation today.

Combating cyber threats is a vastly complicated issue that will require large-scale coordination across the entire federal government and private sectors, but we must not let that complexity deter us from the goal. Rather, we must redouble our efforts toward strengthening the cybersecurity of our country, starting with small businesses. I look forward to hearing the testimony of the witnesses, and I yield back.

Source