Floor SpeechBipartisan2026-06-23

SMALL BUSINESS CYBERSECURITY ASSISTANCE EVALUATION ACT OF 2026

Robert P. Bresnahan, Jr.
Robert P. Bresnahan, Jr.
RPA-8 · Representative
Share:
EnvironmentTradeTechnologyInfrastructure

Context

On 2026-06-23, Representative Robert P. Bresnahan, Jr. (R-PA-8) delivered a floor speech titled "SMALL BUSINESS CYBERSECURITY ASSISTANCE EVALUATION ACT OF 2026" in the House.

Full Text

SMALL BUSINESS CYBERSECURITY ASSISTANCE EVALUATION ACT OF 2026

Congressional Record, Volume 172 Issue 105 (Tuesday, June 23, 2026) [Congressional Record Volume 172, Number 105 (Tuesday, June 23, 2026)] [House] [Pages H4146-H4148] From the Congressional Record Online through the Government Publishing Office [ www.gpo.gov ] SMALL BUSINESS CYBERSECURITY ASSISTANCE EVALUATION ACT OF 2026 Mr. WILLIAMS of Texas. Mr. Speaker, I move to suspend the rules and pass the bill (H.R. 8880) to require the Comptroller General to evaluate Federal cybersecurity assistance to small business concerns, and for other purposes, as amended. The Clerk read the title of the bill. The text of the bill is as follows: H.R. 8880 Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Small Business Cybersecurity Assistance Evaluation Act of 2026''. SEC. 2. GAO STUDY ON SMALL BUSINESS CYBERSECURITY ASSISTANCE. (a) Study.--The Comptroller General of the United States shall conduct a study of current Federal cybersecurity initiatives, programs, resources, tools, and services intended to assist owners of small business concerns (as defined under section 3 of the Small Business Act (15 U.S.C. 632)) with-- (1) identifying cyber risks, cyber threats, and cybersecurity vulnerabilities relating to such concerns; (2) assessing the preparedness of such concerns for such risks, threats, and vulnerabilities; [[Page H4147]] (3) planning for, mitigating, and recovering from cyberattacks and incidents of social engineering, scams, and fraud (including developing, adopting, and implementing cybersecurity measures, training, protocols, tools, and infrastructure); and (4) identifying sources of capital, or obtaining capital, to carry out the activities specified in paragraphs (1), (2), and (3). (b) Required Content.--The study required by subsection (a) shall include-- (1) information on the most common cyberattacks affecting small business concerns; (2) an identification and description of the Federal cybersecurity initiatives, programs, resources, tools, and services included in the study described in subsection (a); (3) an assessment of the awareness and use of such Federal cybersecurity initiatives, programs, resources, tools, and services by small business concerns and reasons for differences in levels of such awareness and use; (4) an assessment of the coordination and integration among such Federal cybersecurity initiatives, programs, resources, tools, and services; (5) an assessment of the effectiveness of such Federal cybersecurity initiatives, programs, resources, tools, and services in assisting small business concerns with the activities listed in paragraphs (1) through (4) of subsection (a); (6) an identification of any foundational cybersecurity concepts absent from such Federal cybersecurity initiatives, programs, resources, tools, and services; and (7) recommendations on how to improve the effectiveness, awareness, and coordination of such Federal cybersecurity initiatives, programs, resources, tools, and services for small business concerns. (c) Report.--The Comptroller General shall submit to the Committee on Small Business of the House of Representatives and the Committee on Small Business and Entrepreneurship of the Senate a report containing all findings and determinations made in carrying out the study required under subsection (a). SEC. 3. COMPLIANCE WITH CUTGO. No such funds are authorized to be appropriated to carry out this Act. The SPEAKER pro tempore. Pursuant to the rule, the gentleman from Texas (Mr. Williams) and the gentleman from Maryland (Mr. Olszewski) each will control 20 minutes. The Chair recognizes the gentleman from Texas. general leave Mr. WILLIAMS of Texas. Mr. Speaker, I ask unanimous consent that all Members may have 5 legislative days in which to revise and extend their remarks and include extraneous material on the bill. The SPEAKER pro tempore. Is there objection to the request of the gentleman from Texas? There was no objection. Mr. WILLIAMS of Texas. Mr. Speaker, I yield myself such time as I may consume. Mr. Speaker, I rise today in strong support of H.R. 8880, the Small Business Cybersecurity Assistance Evaluation Act of 2026, introduced by the gentlewoman from California (Ms. Simon) and the gentleman from Pennsylvania (Mr. Bresnahan), my friends. Small businesses are facing a growing wave of cybersecurity threats from ransomware attacks, phishing scams, and fraud schemes. Unfortunately, many small businesses lack the financial resources and technological expertise necessary to defend themselves against increasingly sophisticated crimes. Data indicates that small businesses are 210 percent more likely to experience a cyber incident than larger companies. At the same time, 51 percent of small businesses reported having no cybersecurity measures in place, leaving them particularly vulnerable to malicious cyber activity. {time} 1530 As artificial intelligence becomes more and more prevalent, threat actors are increasingly using AI-generated content and impersonation schemes to target small business owners and their employees. These developments raise questions about the extent to which existing cybersecurity resources and Federal support adequately address the risks small businesses face. While the Federal Government currently offers a variety of cybersecurity programs, tools, resources, and even services to assist small business, it is often unclear whether businessowners are aware of the resources available, whether they are utilizing them, and whether gaps exist in current Federal efforts. H.R. 8880 takes a practical approach. This bill directs GAO to evaluate how Federal agencies help small businesses identify cybersecurity risks and vulnerabilities, assess preparedness for small businesses to have a plan for and recover from cyberattacks, and access resources needed to strengthen their cybersecurity infrastructure. This legislation also directs the GAO to assess the awareness, coordination, accessibility, and effectiveness of existing Federal cybersecurity assistance programs and identify opportunities for improvement. By examining what works and what needs additional attention, Congress can better ensure that resources reach the small businesses it serves. As cyber threats continue to evolve, small businesses need access to effective tools, training, and resources to protect their operations, employees, and customers. This legislation will provide Congress with valuable information to strengthen cybersecurity assistance and help ensure Main Street businesses are better prepared for the challenges of the digital age. Mr. Speaker, I urge all my colleagues to support H.R. 8880, and I reserve the balance of my time. Mr. OLSZEWSKI. Mr. Speaker, I yield myself such time as I may consume. Mr. Speaker, I am proud to support H.R. 8880, the Small Business Cybersecurity Assistance Evaluation Act of 2026, as amended. Since the COVID pandemic, firms of all sizes have increasingly adopted technology. According to the U.S. Chamber of Commerce, 99 percent of small businesses use at least one tech platform, with 58 percent using at least four, but only one-quarter use cybersecurity tools. This gap creates glaring weaknesses in Main Street America's cyber posture, weaknesses that cybercriminals are all too willing to exploit to steal funds, proprietary information, and other critical assets. While various Federal agencies provide cyber resources, their collective impact needs improvement. The SBA is uniquely equipped with the small business outreach experience and network to help entrepreneurs with these technical matters, leveraging other agencies' expertise. H.R. 8880 will direct the U.S. Government Accountability Office to report on the state of Federal small business cybersecurity resources and make recommendations to optimize their impact and use by small businesses. I thank my colleagues Ms. Simon, Mr. Bresnahan, and Ranking Member Velazquez for bringing this bill to the floor today, and I urge Members to support this bill. Mr. Speaker, I yield such time as she may consume to the gentlewoman from California (Ms. Simon), who is the sponsor of the bill. Ms. SIMON. Mr. Speaker, I thank the gentleman for yielding the time. Mr. Speaker, I rise today in support of my bipartisan legislation, the Small Business Cybersecurity Assistance Evaluation Act. Much has been said, but this bill would direct the Government Accountability Office to conduct a comprehensive assessment of the cybersecurity threats facing our small businesses. It would ensure that Congress has the best data available to protect our small businesses from cyberattacks. Now, we know that small businesses in this country drive innovation, create jobs, and support our communities in every single corner of all 50 States. In my district alone, there are 16,000 small businesses, and we know, as it was said earlier, that approximately 99 percent of small businesses use at least one technology platform. At the same time, cyber threats are becoming more and more sophisticated by the day. Many small business owners do not have dedicated cybersecurity staff or the resources to protect themselves. A single cybersecurity attack could mean the difference between survival and failure for our mom-and- pop businesses residing on our Main Streets. I am very grateful to Congressman Bresnahan for partnering with me to introduce this very important legislation. I thank Chairman Williams and Ranking Member Velazquez for their continued leadership on behalf of America's small businesses. Mr. Speaker, I urge all my colleagues to support this very important legislation. Mr. WILLIAMS of Texas. Mr. Speaker, we must pass H.R. 8880 to help identify gaps, improve coordination, and [[Page H4148]] ensure those resources effectively address cyber threats facing small businesses. Mr. Speaker, I yield such time as he may consume to the gentleman

Referenced legislation: HR8880, HR8880
View original source →