On behalf of our member companies that make NJBIA the largest, most impactful association representing business in New Jersey, we are thankful for the opportunity to submit the following testimony regarding emergent cybersecurity issues and the steps that businesses are actively taking to address a present and ever-increasing threat.
NJBIA’s members include some of the nation’s largest technology and communications providers, as well as many small and mid-size businesses that rely on that technology. For all of these companies, despite their diversity in size, scope, and practice, cybersecurity is a serious challenge and one where the need for additional information and resources remains significant.
There are three core factors to this issue that I would like to address:
- Cybersecurity threats are a growing and costly challenge for businesses of all sizes, in all industries.
- Many businesses are adopting proactive prevention strategies to mitigate the risk of significant harm to themselves and their consumers.
- Avoiding future harm caused by malicious actors will require continuing education for members of New Jersey’s workforce, as well as investments in public information campaigns and workforce training for information technology professionals.
Threats and Cost – Since the emergence of the COVID-19 pandemic, estimates suggest that cybersecurity attacks have more than doubled. While phishing attempts remain the most common means of attack, the risks posed by more sophisticated methods utilizing new technology, such as artificial intelligence, are increasing.
The monetary risk posed by these threats can be crippling, especially to small businesses. The National Cybersecurity Alliance recently estimated that cyberattacks cost each American entrepreneur approximately $8,000 annually – with the actual costs to impacted businesses being potentially much higher. A report from IBM and the Ponemon Institute estimated that the average cost for a data breach impacting a business with fewer than 500 employees is nearly $3 million.
In light of these challenges, the business community is staying vigilant and innovative to protect consumers’ private information and data.
Best Practices and Technological Innovation – As previously noted, the most common cyberattacks are broad and targeted phishing attempts. Phishing is an attempt to steal sensitive information, such as usernames, passwords, or bank information, by fooling a user into willingly entering this information into a fake website or program. This means that the most important prevention strategies are often not technological, but human- and culture-driven.
Solutions offered by employers are varied but often take a similar shape. Some examples include:
- Mandating annual data protection training for all personnel;
- Offering or requiring employee training on threat detection and reporting;
- Conducting periodic phishing simulations to ensure proper response from staff;
- Enforcing stringent guidelines relating to the handling and disposing of sensitive information;
- Performing regular risk assessments with concurrent mitigation strategies;
- Treating cybersecurity as a strategic and customer safety priority, not just an IT concern;
- Integrating cybersecurity into enterprise risk management and governance frameworks; and,
- Employing full-time information security professionals with sufficient authority and independence to proactively and reactively respond to suspected threats.
To further enhance these efforts, technology teams benefit most from an integrated combination of robust security solutions that provide comprehensive protection. This setup could include managed security services from a reliable provider to bolster or supplement the capabilities of internal teams.
In addition to human solutions, firms are developing new software that can detect and prevent cyberattacks. For example, earlier this year AT&T announced the release of its “Dynamic Defense” software which embeds security directly into the networks that its clients rely on to store data and communicate with coworkers, friends, and family. IBM also recently developed new AI-based threat detection software that can better detect when a cyberattack is attempted. And while artificial intelligence is being harnessed by bad actors to commit attacks, AI technology is also being leveraged to detect and prevent sophisticated strikes.
Workforce Development – What’s clear from these and other initiatives is that preventing and responding to cyberattacks requires two things: all workers, not just those in IT, being well informed about potential threats and how to avoid them, and a well-trained, qualified information security workforce.
With regard to everyday workers, there is a need for continual education, and opportunities exist for public-private partnerships that would increase awareness among New Jersey residents of the evolving ways in which cyber criminals are working to gain access to their information and networks, and of how to prevent it. The National Cybersecurity Alliance is one example of a successful partnership of this kind operating at the national level; it runs a “National Cybersecurity Awareness Month” and “Data Privacy Week” to try to get this critical message to the public. Still, there is a need for continued outreach and information.
With regard to the direct cybersecurity workforce, the Bureau of Labor Statistics projects information security analysts to be the fifth fastest growing occupation in the nation over the next decade. Despite this, a study from the World Economic Forum in 2023 found that few business leaders feel they have the talent they need to meet the evolving threat of cyberattacks.
New Jersey must continue to invest in workforce training programs and opportunities to get qualified cybersecurity professionals into the workforce, as well as to upskill and reskill existing workers who are interested in transitioning into a new career in the field. NJBIA has been a leader in promoting workforce development issues across industries to meet the needs of a changing economy. The NJ Pathways to Career Opportunities Initiative, which is led in partnership with the New Jersey Council of Community Colleges, is just one such example, and one where training cybersecurity professionals is embedded into one of four strategic areas of focus.