The US government doesn't have the strongest cybersecurity policy right now, but there's at least some progress on that front beyond what's happening at security agencies. The US Senate has passed its version of the NIST Small Business Cybersecurity Act, clearing the way for the bill to become law if and when the President signs it. The bipartisan measure promises smaller companies a consistent, relevant and universal set of NIST-based guidance and resources for protecting their data against online threats.
The House passed its version of the Act in October 2017. It's not certain when the bill might reach the President's desk.
The soon-to-be law isn't going to render small businesses impervious to attack. Many large companies are still grappling with data breaches, and small shops rarely have the sheer amount of staff and money needed to address intrusions. Whether or not the resources help will depend on how easily businesses can find it, too. This Act might close the gap, though, and it's an acknowledgment that your private information is just as sensitive at a tiny startup as it is at a giant corporation.