The “Small Business Cybersecurity Act of 2024”: What is it?
Efforts are underway to help small businesses tackle the costs of meeting Cybersecurity Maturity Model Certification (CMMC) requirements, with a proposed tax credit aimed at the smallest defense contractors.
The “Small Business Cybersecurity Act of 2024,” still in draft form, aims to ease the financial strain that CMMC places on small businesses. Introduced by Rep. Scott Fitzgerald (R-Wis.), the proposed legislation would give companies with 50 or fewer employees the chance to claim up to $50,000 in tax credits. These funds could help cover the cost of CMMC assessments and fix any cybersecurity gaps identified during the process.
While the bill likely won’t make it into the fiscal 2025 defense authorization package, it may be part of larger tax discussions next year. Still, with CMMC not yet fully implemented, some uncertainty remains about whether the credit will come to fruition. As one insider put it, “Lawmakers are still figuring out how this will impact small businesses as the program rolls out.”
How Is the Tax Credit Designed to Support Small Businesses?
CMMC is a program designed to help defense contractors meet important cybersecurity standards, but it’s been a work in progress for several years. Even with efforts to simplify the process, small businesses still face big challenges—especially when it comes to the high costs of compliance.
According to the Department of Defense (DoD), getting certified at Level 2 could cost a small business around $101,000. This includes preparation, assessments, and hiring outside experts to evaluate their systems.
The proposed tax credit is meant to ease some of this financial burden. Small businesses could get up to $50,000 to help cover these costs, while still being encouraged to invest in strong cybersecurity practices. The goal is to offer meaningful support while staying mindful of budget constraints that small businesses deal with.
What Is the Government and Industry’s Perspective on the Tax Credit?
DoD officials, including Stacy Bostjanick, Deputy Chief Information Officer for Cybersecurity, have expressed support for initiatives like the tax credit. At a recent Federal News Network event, Bostjanick shared the department’s dedication to finding every possible way to lighten the load for small businesses when it comes to compliance.
“There’s a tax incentive going through Congress now that we fully support,” Bostjanick said. “We’re actively looking for ways to help small businesses manage these costs while maintaining robust cybersecurity standards.”
Experts in the defense sector, including Bob Metzger of law firm Rogers Joseph O’Donnell, have been involved in shaping the proposed legislation. Metzger highlighted the importance of targeting assistance to the smallest companies, many of which are critical to the defense supply chain. “This bill is crafted to provide meaningful relief to very small businesses while respecting fiscal constraints,” he said.
With 70% of small defense businesses employing fewer than 50 people, according to a 2020 survey by National Defense Magazine, this tax credit could provide a lifeline for many organizations navigating CMMC requirements.
As discussions around the bill continue, small businesses and their advocates are watching closely, hoping these measures will help them stay in the defense industry while meeting important cybersecurity standards.