COMMENTARY: Small businesses are more than just local establishments—they are the foundation of the U.S. economy and a key pillar of national security. They employ nearly half of the American workforce and contribute more than 43% to the country’s GDP. They drive innovation, job creation, and economic resilience.
Related content:
But as these businesses embrace digital transformation, they become increasingly prized targets for cyberattacks, with consequences that extend far beyond their own operations.
The threats are no longer hypothetical. U.S. intelligence agencies warn that Chinese state-sponsored hackers are embedding themselves in critical infrastructure, waiting for the opportune moment to strike. Groups like Volt Typhoon and Silk Typhoon have already infiltrated utilities, telecommunications, and essential services, sometimes remaining undetected for months.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
For small businesses, a single cyberattack can mean financial ruin—but on a larger scale, these vulnerabilities ripple through supply chains, disrupt critical industries, and weaken national security.
The urgency to act has never been greater. Lawmakers on both sides of the aisle are stepping up with new legislation to improve cybersecurity resilience, expand access to cyber insurance, and protect small businesses from crippling attacks. Meanwhile, the Department of Defense has underscored the national security implications of these threats, recognizing that securing small businesses means securing America itself.
As cyber adversaries escalate their attacks, the U.S. must prioritize small business cybersecurity—not as an afterthought, but as a core national security imperative.
The Heartbeat of Our Economy
Small businesses are the backbone of the U.S. economy and a pillar of national strength. They employ nearly 46% of the American workforce and contribute over 43% to U.S. GDP, driving innovation, job creation, and local prosperity.
With that in mind, protecting small businesses isn’t about inflating priorities; it’s about recognizing that some things truly belong at the top. The growing, sobering risk is evident:
The China Challenge
The cyber threat from President Xi Jinping’s China is strategic, systemic, and accelerating. U.S. intelligence agencies, including CISA, NSA, and FBI, have warned that Chinese state-sponsored actors are pre-positioning in U.S. networks, preparing to disrupt critical infrastructure at a time of their choosing.
Groups like Volt Typhoon and Silk Typhoon, have already infiltrated sectors including energy, telecommunications, water, and transportation. Recorded Future found that Volt Typhoon remained in Massachusetts utilities for nearly a year. CrowdStrike’s 2025 Global Threat Report reveals a 150% rise in Chinese cyber intrusions globally.
This is not hypothetical. States like Maryland, Virginia, and Illinois have suffered real-world consequences from cyberattacks targeting schools, hospitals, courts, and law enforcement agencies. In some cases, vital operations have been paralyzed. Recovery has taken weeks—if not longer.
Cybersecurity Where It Counts
These escalating threats have ignited a long-overdue push to bolster cybersecurity at the state and local levels, where the impact of an attack is often most immediate and severe. During a recent event at the Institute for Critical Infrastructure Technology (ICIT) on energy sector security and resilience, Congressman Suhas Subramanyam (D-VA10) noted that “we think about national cybersecurity in terms of protecting federal government agencies and infrastructure; however, oftentimes, it is local communities and businesses that are the most vulnerable to cyber intrusions.”
His point is critical. From schools and hospitals to small businesses and utilities, local systems are the soft underbelly of national security. Congressman Subramanyam emphasized that assessing vulnerabilities at the state and county levels and closing those gaps is imperative to the safety of the homeland. If we neglect cybersecurity where Americans live, work, and rely on essential services, then we have failed to secure the nation.
That urgency is reflected in recent bipartisan legislative action. Senators Shelley Moore Capito (R-WV) and John Hickenlooper (D-CO) have reintroduced the Insure Cybersecurity Act, which aims to clarify cyber insurance policies, expand access to cybersecurity education, and mitigate the financial impact on small businesses when they are attacked.
“This legislation will assist businesses in better understanding the complex cyber insurance environment [and] lower the cost burden victims must bear when cyber-criminals attack them,” said Sen. Capito.
“Small businesses need cyber insurance to protect their businesses and guard their data,” added Sen. Hickenlooper. “Unclear policies and ambiguous language can leave businesses stranded after a cyberattack.”
Even the Department of Defense (DoD) has recognized the importance of cybersecurity for small businesses to its efforts and our national security. The DoD, Office of Small Business Programs explains that cybersecurity is vital to small businesses because “[c]yber criminals consistently target businesses in an attempt to weaken our nation’s supply chain, threaten our national security, and endanger the American way of life.”
Conclusion
National security is about setting priorities. In Washington, where nearly everything is framed as a national security concern, only a few challenges truly meet that threshold. The cybersecurity of small businesses, which power our economy and are increasingly targeted by foreign adversaries, is one of them. This is not just a technology issue or a regulatory gap. It is a strategic vulnerability we cannot afford to ignore.
The good news is that leaders across the federal government are taking notice—and taking action. Congressman Suhas Subramanyam is sounding the alarm on local vulnerabilities. Senators Capito and Hickenlooper are advancing bipartisan legislation to strengthen small business defenses.
The Department of Defense is making clear that these threats strike at the heart of our national security. That kind of leadership matters.
But it must be met with urgency, coordination, and sustained attention—because the threats aren't slowing down.
Neither can we.
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
