Big Security for Small Business

by Matthew Schroeder and Matt Sievers, with support from Olivia Erickson and Alexander Romero


Small businesses face a difficult challenge: they are held to cybersecurity standards similar to those of large enterprises but lack comparable resources. They are also frequently the targets of automated exploitation by cyber criminals. As such, small businesses are at high risk for business failure in the event of a breach. This project recommends updating government procurement policies, especially at the state and local levels, to require minimum cybersecurity standards for all contracts, including those with small businesses. Additionally, it recommends the adoption of curated tools specifically designed to help small businesses meet these minimum standards. By simultaneously increasing the cost of non-compliance and reducing the friction of implementation, these proposals will improve the overall cybersecurity posture of many small businesses.

Click below to view various resources for both businesses and policymakers, including a draft cyber policy document, a policy brief, templates for small businesses to self-certify and to plan out their cybersecurity, and a website resource guide for small businesses to self-educate and assess their own cybersecurity risk.


Visit the Website
Read the Policy Brief
View the Template Cybersecurity Plan
Read the Cybersecurity Policy Mapping
View the Eat Hackers for Lunch Operational Plan
View the Vendor Cybersecurity & Contract Language
View the Vendor Self-Certification
View the One-Pager for Small Businesses
Take the Self-Assessment