Cybersecurity has continually increased in priority and spending in recent years. Industry insights show that the federal government had to pay more than 13.7 billion dollars to counter cyberattacks in 2018. Looking forward to 2021, the U.S. is expected to spend more than 92 billion dollars on cybersecurity.
Both U.S. businesses and government institutions are working every day to protect us from foreign and domestic cyber threats. In 2019 alone, the U.S. experienced more than 1,400 data breaches that exposed over 164 million sensitive records. We must address the undeniable reality that adversaries will continue working tirelessly to infiltrate our country’s security systems and immediately combat this issue on all fronts.
Among the most vulnerable and common avenues for hackers to infiltrate the U.S. are through American businesses. Recent breach reports for 2021 already include a variety of public officials and companies that have fallen victim to major cyberattacks.
For example, the SolarWinds breach went undiscovered for months before being addressed and left 18,000 of their customers at risk of being exposed to hackers, including Fortune 500 companies and U.S. government agencies. These sorts of attacks pose a risk not just from a national security perspective, as many government contractors struggle to shore up their defenses, but they also create an economic quandary. If American businesses are wounded, so is our country’s financial standing, a notion we simply can’t settle for.
In order to combat these threats, the Biden administration and state governors across the country should immediately work to foster deeper relationships with the private sector. Tech and government certainly don’t always get along, but the threats we face now require a national effort that would rival the Space Race of the 1960s.
This can be done through state and federal governments offering financial incentives to businesses that prioritize the development and integration of cybersecurity measures, amplified communication from the government concerning the importance of cybersecurity, as well as the potential bolstering of compliance standards to minimize threats and the negative impact of breaches.
The bright minds at many of our country’s own small and medium-sized businesses can surely reinforce America’s cybersecurity.
To incentivize the research and development of cyber solutions in America, the U.S. government has implemented permanent provisions within the U.S. Tax Code that provide lucrative funding to companies in this category that revolutionize the way we fight cyber threats. The most lucrative opportunity available to cyber leaders today is the Section 41 Research and Development (R&D) Tax Credit.
Now more than ever, cyber companies should leverage this as a resource to invest in innovation efforts necessary to scale their research and get viable cybersecurity measures to market. This credit is regularly increasing in popularity, which should be a clear indication to start amplifying the momentum behind these incentives and reward even more innovations.
Initial qualifying factors for the credit are quite simple—if a company’s workers are contracted to design and/or install custom solutions that improve or enhance a clients’ cyber safety, they are positioned for substantial tax relief.
Communication is key in this situation. We want to be proactive and not reactive when it comes to how we deal with cybersecurity. The government needs to be transparent about cyber threats early on so that U.S. businesses can get a head start in developing the solutions that combat these threats. Taking a preventative approach can provide experts with the time they need to address any potential issues before they become a real problem.
Another important part of this relationship is trust. Understandably, the government will be hesitant to divulge sensitive information regarding the nation’s security within the private sector. However, there is no way to nip these threats in the bud if cyber companies are not regularly informed.
The government has set forth a new compliance standard that companies must meet in order to be contracted by the Department of Defense (DoD). This new standard, CMMC, the Cybersecurity Maturity Model Certification, was launched to force contractors to meet the guidelines set forth by the Defense Federal Acquisition Regulation (DFARS).
There are five (5) levels of CMMC certification.
- Level 1 – Basic Cyber Hygiene
- Level 2 – Intermediate Cyber Hygiene
- Level 3 – Good Cyber Hygiene
- Level 4 – Proactive
- Level 5 – Advanced/Progressive
CMMC is gaining traction a year in the making and will surely revolutionize the way cyber companies generate business within the private sector as well. Businesses that achieve the highest levels of compliance in this category will always be a step above companies who don’t prioritize this verification mechanism. Companies should not be surprised to see CMMC appear in Requests for Information (RFIs) and Requests for Proposal (RFPs) moving forward.
Cyber companies are actively competing for new DoD contracts and as mentioned above, CMMC compliance is going to set a new standard within the commercial cybercrime economy as well.
Today, almost every entity in the public and private sectors is undergoing a digital transformation—especially amidst a global pandemic. Companies have been forced to pivot to digital operations for the foreseeable future. The need to transfer confidential information safely across teams in the digital landscape has never been more essential. With this modern way of operating, many companies will find themselves even more vulnerable to cyber threats.
Breaches occur when hackers prey on the vulnerable. These criminals do not sleep, and the Department of Defense simply cannot be responsible for protecting all U.S. entities from harm. This effort to combat foreign and domestic threats requires a working relationship between the government and private industry.
No matter if you are in the public or private sector, we can all come together to work towards a common goal of safety and security. By way of tax incentives, compliance, and establishing healthy communication between the government and U.S. businesses, we can set up a strong line of defense for years to come.
In the end, the more we do today to strengthen our defenses, the safer our country will be tomorrow.