Maryland’s Landmark Legislation: Cybersecurity Now More Attainable for Small Business

Original article posted on

It is no secret that most small businesses nationwide are vulnerable to cyber-attacks, and fortunately for Maryland, stakeholders wanted to do something about it. Championed by elected officials – both Republicans and Democrats – with support from the Cybersecurity Association of Maryland, Inc. (CAMI), the Better Business Bureau (BBB) of Greater Maryland, the Maryland Department of Commerce and other stakeholders, Maryland took the much needed steps to incentivize small businesses to become cyber secure.
Photo courtesy of the Executive Office of the Governor.

On April 9, 2018, the final day of the 2018 Maryland legislative session, Maryland passed Senate Bill (SB) 228, the Cybersecurity Incentives Tax Credit Bill. This bill provides a tax credit to individuals and entities looking to invest in innovative Maryland cybersecurity technologies and provides a landmark cybersecurity tax credit to alleviate costs associated with the purchase of cybersecurity solutions for Maryland businesses with fifty or fewer employees.

“No state is better positioned – or better equipped – than Maryland to address cybersecurity challenges and strengthen the security of our nation,” said Governor Hogan. “Working with leaders in our cyber sector, the legislature, and other partners, we have created a program to encourage small businesses across our state to take the steps necessary to protect their data. With this new tax credit, Maryland continues to cement our position as the Cyber Capital of America.”

CAMI is a non-profit 501(c)6 trade organization focused on connecting Maryland’s cybersecurity companies with businesses, government agencies, academic institutions and non-profit organizations that need cybersecurity solutions. With guidance from an Annapolis-based government relations firm, CAMI worked intently to ensure that SB228 considered the needs of the cyber community and to see that it passed in its first year introduced. CAMI Executive Director Stacey Smith said, “With our proximity to the nation’s leading federal security agencies and our stellar academic institutions, Maryland is home to some of the most innovative and skilled cybersecurity technology and service providers. Who better to protect Maryland businesses than our state’s own cybersecurity companies?” Representative of a growing membership of more than three hundred ninety Maryland based cybersecurity companies and hundreds of commercial businesses, CAMI became a leading voice for SB228 and leveraged additional support from the BBB of Greater Maryland. Shedding light on the business members’ immediate cybersecurity needs and concerns was instrumental to passing the bill.

As Kathleen Bridgeman, Co-Owner and Director of Financial Services for a small 25-year-old water filtration company and Board Member of the BBB shared, “As business owners, we focus on core issues like business growth, customer and employee retention, and fleet management, among other things. All too often, cybersecurity takes a back seat even though small businesses are increasingly the focus of cyber-attacks because we are easier targets. At our company, we collect personal and financial data from our clients and know it is our responsibility to protect that information. That’s why we reallocated funds in our budget for services from a cybersecurity firm. Yet, news coverage of ransomware, malware and other cyber-attacks still keeps me up at night. I think, ‘Are we safe? Have we done enough?”

Even with an abundance of community support however, some of the most well intended bills are destined to fail without the proper legislative support and advocacy. Maryland State Senator, Guy Guzzone (D), reached across the isle with other legislators, along with Governor Larry Hogan (R) and his Administration, considered aspects of two originally separate bills; one introduced by Senator Guzzone and another by the Governor’s Administration. The parties put aside politics to craft one bill to benefit the State’s businesses and Cybersecurity industry. The bi-partisan cooperation among elected officials was a critical aspect of this bill. As Senator Guzzone noted, “Cybersecurity is a critical industry to Maryland’s economic vitality in many ways. By the time our discussions wrapped up, we had a bill that would not only help our small businesses be more cyber secure but would also help our cybersecurity companies grow. It was a win for everyone.”

According to a 2017 report by the Council of Better Business Bureaus, small businesses are becoming more aware of cyber threats, but lack the necessary resources and expertise to advance their cybersecurity efforts. “Of the 1,000+ businesses surveyed, 76% reported convenience was important when selecting a cybersecurity provider, and more than half said they could only remain profitable for less than a month if they lost essential data,” said Jody Thomas, VP, Communications and Marketing at the BBB of Greater Maryland. With a mission to increase marketplace trust, the BBB testified in support of SB228 and now remains active and vigilant about informing its 2,600+ small business members about the unique tax credit opportunity.

CAMI was less than three years old when it became involved in the 2018 Maryland legislative session. “You could say we ourselves were a start-up, much like many of the almost four hundred Maryland cybersecurity company members of our organization,” remarks Smith. “And much like Maryland small businesses who will tell you they ‘don’t have a budget for cybersecurity,’ we did not have funds earmarked for cybersecurity related legislative efforts. We knew this bill was important to our members and the small business community statewide, so we engaged a government relations firm and made legislative advocacy a priority.”

The Cybersecurity Incentives Tax Credit will enable small businesses to be proactive about cybersecurity and help make resources and services be more financially attainable. Under the bill, Maryland small businesses that purchase their cybersecurity solutions, including products or services, from eligible Maryland cybersecurity providers can claim a state income tax credit equal to 50% of the cost for the purchase up to a maximum of $50,000. The program is being administered through the Maryland Department of Commerce. To become a designated qualified cybersecurity company (approved seller) or for small businesses to apply for the tax credit, more specific details, FAQ’s and applications can be found at

“Collaboration and cooperation were the name of the game in getting this bill passed,” notes Smith, “and our organization is looking forward to that continuing as we work with organizations like the BBB to make Maryland’s small businesses aware of this new tax credit program and connect them to our state’s many cybersecurity providers. Together, we can help ensure a more cyber secure Maryland.”

Posted on October 10, 2018 by Samantha Conklin