Cyber Readiness Institute Calls on Biden Administration To Make Small-Business Cybersecurity a National Priority


Leading Cyber Non-Profit Outlines Five Steps To Bolster Small Business Cyber Defenses

The Cyber Readiness Institute (CRI) is urging the Biden Administration to take specific actions to protect small and medium-sized businesses (SMBs), which are vital components of global supply chains, from cyber attacks. In a White Paper released today, “The Urgent Need to Strengthen the Cyber Readiness of Small and Medium-Sized Businesses, the non-profit Institute notes that SMBs need easier access to cybersecurity resources and require prescriptive, easy-to-adopt programs that impact their everyday operations and focus on human behavior.

The recent attacks on the U.S. digital infrastructure through the compromise of SMBs underscore the urgent need to address critical gaps in national cyber defenses. SMBs are essential components of global supply chains, operated by the U.S. government and large corporations, and create potential risks for these organizations if they are not cyber secure.

“We are at an inflection point and the need for action to support SMBs is urgent,” said Kiersten Todt, Managing Director of the Cyber Readiness Institute. “SMBs are critical components of our digital economy and there are fundamental actions we can take to help them become more secure and resilient to make our nation stronger and cyber ready.

In a survey of U.S. SMBs for the White Paper, CRI found that only 18% are confident (strongly agree) that their organization is prepared for a cyber incident and would know how to respond. Additionally, over 70% of U.S. SMBs welcome government efforts to do more to help make organizations in the supply chain cyber ready.

CRI has outlined five policy and program recommendations for the federal government to implement quickly:

  • Create an SMB Cybersecurity Center. Today, no single government agency curates cybersecurity resources, from multiple, vetted sources, for SMBs. Given the ongoing work to support SMBs by the Cybersecurity and Infrastructure Security Agency (CISA) and the recent allocation of additional resources to the agency, CISA is the recommended agency to perform this function.
  • Establish Cybersecurity Incentives. Tax credits to SMBs that invest in cybersecurity can incentivize cybersecurity efforts.
  • Set Cybersecurity Standards. The market needs minimum standards for cybersecurity that all organizations must follow, including SMBs. These standards should be founded in a risk management approach that allows each business to address their cybersecurity vulnerabilities based on their mission, assets, and resources.
  • Launch National Cyber Squads. Expand the existing CyberCorps with government-funded Cyber Squads of student interns to help minority-owned SMBs and to fill a desperately needed talent pipeline. By doing so, we will also be educating the next generation of cyber leaders.
  • Roll Out a National Cyber Readiness Education Campaign. Awareness is critical for SMBs and the entire population. We need an aggressive, accessible, and easy-to-understand nationwide awareness campaign that focuses on a single, impactful cyber issue, such as passwords.

About the Cyber Readiness Institute
The Cyber Readiness Institute is a non-profit initiative that convenes business leaders from across sectors and geographic regions to share resources and knowledge that inform the development of free cybersecurity tools for small and medium-sized businesses (SMBs). CRI was co-founded by the CEOs of The Center for Global Enterprise, Mastercard, Microsoft, and PSP Partners, as a follow-up action from the work of the 2016 Commission on Enhancing National Cybersecurity. Our members also include ExxonMobil, General Motors, and Principal. Our mission is to advance the cyber readiness of SMBs to improve the security of global supply chains. CRI’s resources focus on human behavior and emphasize employee education and awareness. To find out more, visit