Small businesses are particularly vulnerable to cyber attacks. The National Cyber security Alliance has found that 60% of small businesses are forced to close following a cyber attack, making support of this legislation both pro-business and pro-security.

In the letter, ASIS International CEO Peter J. O'Neil says, "This legislation emphasises years of cooperative efforts by industry and government to produce risk management tools that support the cybersecurity needs of these small to medium businesses."

The MAIN STREET Cybersecurity Act is a follow-on to the Cybersecurity Enhancement Act of 2014, which codified the industry-led process for the NIST Cybersecurity Framework. The new legislation will ensure NIST considers the needs of small businesses and provides additional, simplified resources to improve the ability of these businesses to use the framework.

ASIS's letter restates its long-standing commitment "to promoting the use of best practices and voluntary guidance, such as the framework, provided by both the public and private sectors to assist businesses of all sizes in managing cyber risk."