Aspen Policy Academy

Big Security for Small Business

By Matthew Schroeder and Matt Sievers, with support from Olivia Erickson and Alexander Romero

Small businesses face a difficult challenge — they are held to similar cybersecurity standards as large enterprises but lack similar resources. They are also frequently the targets of automated exploitation by cyber criminals. As such, small businesses are at high risk for business failure in the event of a breach. This policy brief recommends updating government procurement policies — especially at the state and local levels — to require minimum cybersecurity standards for all contracts, including small businesses. Additionally, it recommends the adoption of curated tools specifically designed to help small businesses meet these minimum standards. By simultaneously increasing the cost of non-compliance and reducing the friction of implementation, these proposals will improve the overall cybersecurity posture of many small businesses.

This brief was completed as part of a project for the 2020 Aspen Tech Policy Hub Fellowship, a program designed to teach technology experts how to impact policy.

View the Brief