Small Business Cybersecurity Assistance Evaluation Act of 2026

The Comptroller General of the United States shall conduct a study of current Federal cybersecurity initiatives, programs, resources, tools, and services intended to assist owners of small business concerns (as defined under section 3 of the Small Business Act (15 U.S.C. 632)) with—

(1) identifying cyber risks, cyber threats, and cybersecurity vulnerabilities relating to such concerns;

(2) assessing the preparedness of such concerns for such risks, threats, and vulnerabilities;

(3) planning for, mitigating, and recovering from cyberattacks and incidents of social engineering, scams, and fraud (including developing, adopting, and implementing cybersecurity measures, training, protocols, tools, and infrastructure); and

(4) identifying sources of capital, or obtaining capital, to carry out the activities specified in paragraphs (1), (2), and (3).

The study required by subsection (a) shall include—

(1) information on the most common cyberattacks affecting small business concerns;

(2) an identification and description of the Federal cybersecurity initiatives, programs, resources, tools, and services included in the study described in subsection (a);

(3) an assessment of the awareness and use of such Federal cybersecurity initiatives, programs, resources, tools, and services by small business concerns and reasons for differences in levels of such awareness and use;

(4) an assessment of the coordination and integration among such Federal cybersecurity initiatives, programs, resources, tools, and services;

(5) an assessment of the effectiveness of such Federal cybersecurity initiatives, programs, resources, tools, and services in assisting small business concerns with the activities listed in paragraphs (1) through (4) of subsection (a);

(6) an identification of any foundational cybersecurity concepts absent from such Federal cybersecurity initiatives, programs, resources, tools, and services; and

(7) recommendations on how to improve the effectiveness, awareness, and coordination of such Federal cybersecurity initiatives, programs, resources, tools, and services for small business concerns.

The Comptroller General shall submit to the Committee on Small Business of the House of Representatives and the Committee on Small Business and Entrepreneurship of the Senate a report containing all findings and determinations made in carrying out the study required under subsection (a).