M E M O R A N D U M

TO:                      Senate Law and Public Safety Committee

FROM:                Hilary Chebra, Manager, Government Affairs, CCSNJ

RE:                      Cybersecurity Measures Affecting New Jersey

DATE:                December 16, 2024

The Chamber of Commerce Southern New Jersey (CCSNJ) is the region’s largest and most influential business organization representing businesses in the seven most southern counties of New Jersey, as well as greater Philadelphia and northern Delaware. The CCSNJ has approximately 1,200 member companies, of which 85 percent are small businesses that employ less than 50 people, as well as 160 nonprofit members. Thank you for the opportunity to address the critical issue of the growing threat of cybersecurity attacks.

Over recent years, South Jersey businesses of all industries — whether small retailers, manufacturers, healthcare providers, or professional services firms — have faced a sharp uptick in ransomware, phishing, and data breach attempts. Cyberattacks disrupt not only business continuity but also damage consumer confidence and regional economic stability.

Small businesses are often disproportionately affected by these cybersecurity attacks. According to a recent study from Accenture, 43 percent of cyberattacks are aimed at small businesses, and only 14 percent are adequately prepared to defend themselves. Additionally, many lack the resources to recover quickly from these incidents.

With cybersecurity threats becoming increasingly sophisticated and frequent, businesses across the region are taking steps to protect their operations, customers, and data integrity. Many businesses are investing in next-generation firewalls, endpoint protection, and network monitoring tools to identify and mitigate threats in real-time. Regular software updates have become standard practices to address known vulnerabilities swiftly.

Additionally, recognizing that human error is a significant entry point for cybercriminals, companies are implementing cybersecurity awareness trainings. These programs teach employees to recognize phishing attempts, manage passwords securely, and understand the importance of data protection.

Small and mid-sized businesses often lack the resources for in-house IT expertise. Many are increasingly partnering with managed security service providers to oversee threat detection, response, and recovery processes. Collaboration with cybersecurity firms allows businesses to benefit from specialized expertise.

We appreciate the legislature’s attention to the business community’s challenges in this space. Collaboration with state government is vital to ensuring businesses have the tools necessary to address this ever-evolving issue. We would like to respectfully recommend the legislature consider legislation creating state-funded cybersecurity grants or tax incentives to help small businesses afford necessary cybersecurity upgrades. As previously mentioned, small businesses are often targeted and have few resources to protect themselves from cyberattacks.

Additionally, we would like to encourage legislation promoting public-private partnerships for cybersecurity training and workforce development. Having a trained workforce in this field is critical to ensuring the resilience and security of our digital infrastructure. By fostering collaboration between government entities, educational institutions, and private sector organizations, we can create comprehensive training programs that address current and emerging cybersecurity threats. This will also help close the growing cybersecurity talent gap. Investing in these partnerships promotes innovation, enhances security, and ensures that businesses and government agencies have access to qualified professionals who can effectively mitigate cyber risks.

We look forward to continued support and stand ready to work with the legislature to provide resources for the business community to maintain robust defenses against the evolving cyber threat landscape.