S. 3024 would direct the Small Business Administration (SBA) and Department of Homeland Security (DHS) to develop a strategy and methods for small business development centers (SBDC) to provide cyber security counseling, awareness, assistance, and training to their clients. It also would direct SBDC’s to provide small businesses with access to cyber security specialists to develop security infrastructure, increase awareness, and improve training programs. S. 3024 would require the Government Accountability Office (GAO) to conduct a study on current federal programs aimed at assisting small businesses with enhancing cyber security. Finally, S. 3024 would authorize DHS, and other federal agencies, to provide information about cyber security risk to small businesses.
Based on information from the SBA and DHS about the resources needed to complete those tasks, CBO estimates that implementing S. 3024 would cost $1 million over the 2017-2021 period, mostly to complete the strategy and develop the report; such spending would be subject to the availability of appropriated funds. Based on the cost of similar studies, CBO estimates that requiring GAO to complete a report would cost less than $500,000. Enacting S. 3024 would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply.
CBO estimates that enacting S. 3024 would not increase net direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2027.
S. 3024 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act and would not affect the budgets of state, local, or tribal governments.
On July 7, 2016, CBO transmitted a cost estimate for H.R. 5064, the Improving Small Business Cyber Security Act of 2016, as ordered reported by the House Committee on Homeland Security on June 8, 2016. The two pieces of legislation are similar and CBO’s estimates of the budgetary effects are the same.