Reducing the Cost of CMMC

With the COVID-19 pandemic still affecting the lives of millions of people around the world, it should not be a surprise to hear that small businesses are still hurting. Cybersecurity is still essential to maintaining the industrial supply chain, but many small businesses cannot allocate the money to protect themselves.

Financial Limitations of Small Businesses

Before the COVID-19 pandemic, small businesses were unable to allocate enough of their budget towards cybersecurity. A tiny percentage of companies have a full-time IT or cybersecurity professional on staff. As a result, they are at risk of cyberattacks. Roughly 80 percent of companies with senior cybersecurity employees believed they did not have adequate protection against cyberattacks in 2020. The number of cyber breaches in 2020 reached a record high – a total that was more than the previous 15 years combined. The average data breach cost companies $4 million in 2020.

The financial impact from the pandemic could last years. As a result, the improvement of the Cybersecurity Maturity Model Certification Program is of the utmost importance. However, the COVID-19 pandemic is still causing financial troubles for small businesses in the United States, and most companies will not be able to improve their cybersecurity in 2021.

Reducing the Costs of the Cybersecurity Maturity Model Certification Program

Nearly 75 percent of the supply chain consists of small businesses. Unfortunately, many of these businesses are struggling financially because of the COVID-19 pandemic, making it difficult for them to finance their cybersecurity. That is why Jesse Salazar (the Deputy Assistant Secretary of Defense for Industrial Policy) prioritized managing cybersecurity costs above all else. The number of small businesses in the DIB has shrunk by more than 40 percent over the last ten years, and the pandemic has not helped. According to a survey by Defense One, one in seven companies believe they will never return to pre-pandemic business levels. As a result, the Department will try to balance the need for accountability, keeping in mind that many companies have financial limitations.

With Salazar overseeing the improvements of the CMMC, there is hope that things will get easier for small businesses in the coming years. His statement appears to have outlined that the pandemic has changed the cyber landscape and that things need to change. Though, implementation could take some time.