Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week

This week we’re celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community’s significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration’s Office of Advocacy,[1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size, are represented in every industry and sector of the economy and contribute significantly to the Nation’s innovation and industrial competitiveness. 

To honor this important week, we’re highlighting some of our recent and upcoming NIST SMB cybersecurity resources and events.

What’s Happening this Week

Today, you can watch a livestream of our in-person event at the NIST National Cybersecurity Center of Excellence (NCCoE): Resources and Approaches for Strengthening Small Business Cybersecurity from 11:00 AM – 1:00 PM EDT. This event will feature a panel discussion with local and regional experts about strengthening the cybersecurity posture of the SMB community and a series of lightning talks will highlight opportunities for the SMB community to engage with NIST’s cybersecurity efforts.

Looking Beyond National Small Business Week

NIST’s SMB cybersecurity outreach program extends beyond National Small Business Week to provide events and information all year long. Here are a few recent items you may have missed, in addition to some upcoming resources:

Sharing Cybersecurity Basics for Small Businesses

Credit: NIST

• Coming up: On August 14, 2025, we’re hosting a NIST SMB cybersecurity webinar, Protecting Your Small Business from Phishing Risks. Register. A panel discussion during this webinar will cover:
  • An overview of different types of phishing attacks in addition to modern, real-world examples;
  • Why it’s important to be proactive in protecting your business against phishing;
  • Tips for how to spot a phishing attempt and steps to take if you are scammed;
  • Practical steps SMBs can take to reduce the likelihood of falling victim to phishing attempts; and
  • Available free phishing resources for businesses for staff training.
     
• In case you missed it: We published Draft NIST 7621 R2, Small Business Cybersecurity: Non-Employer Firms on May 1, 2025. This report is designed to help small firms (those with no employees, or “non-employer” firms) use the NIST Cybersecurity Framework (CSF) 2.0 to begin managing their cybersecurity risks. The goal of the publication is to introduce fundamentals of a cybersecurity program, in non-technical language, at the earliest stage of a business to set a solid cybersecurity risk management foundation. The comment period is open through June 30, 2025. 

Expanding the Reach of the CSF 2.0 to the SMB Community

• Coming up: On May 20, 2025, NIST is hosting the second event in our CSF 2.0 webinar series. This webinar will provide a deep-dive into the new CSF 2.0 Govern Function. This Function was elevated from a ‘Category’ to a ‘Function’ in CSF 2.0 to highlight the importance of ensuring cybersecurity capabilities support business risk. Organizations large and small are invited to participate. Register.
   
• In case you missed it: The CSF 2.0 Small Business Quick Start Guide (QSG) is one of our most-downloaded CSF 2.0 resources. Translations of CSF resources help expand the use of our cybersecurity and privacy resources globally and help improve U.S. company engagement in global markets. In addition to the English version, translations of the SMB QSG are now available in French, Japanese, Portuguese, and Spanish. View all CSF 2.0 SMB QSG translations.

Supporting SMB Cybersecurity and Workforce Development

• Coming up: On June 1, 2025, we will be facilitating a pre-conference workshop at the 2025 NICE Conference and Expo in Denver, Colorado. Our Supporting Small Business Cybersecurity Through Learner-Centered Services and Experiences session will showcase various innovative regional models that serve to benefit SMBs while providing hands-on learning experiences for learners. 
   
• In case you missed it: On February 6, 2025, we hosted a webinar on how university-based cybersecurity clinics are supporting both workforce development and SMB cybersecurity. Multidisciplinary teams of students worked with faculty, providing no-cost cybersecurity services to the region’s small, under-resourced organizations. View the recording.