According to the Q4 MetLife/U.S. Chamber of Commerce Small Business Index, over half of SMB owners are spending increasing amounts of time and money navigating compliance requirements across various industries. While these regulations aim to protect client data, intellectual property, and security, business owners continue to struggle with balancing the resources required for these necessary obligations. Many now view compliance as a full-stop barrier to growth, with the costs of keeping up with constantly changing regulations weighing heavily on operations.

The challenge lies in protecting consumers without stifling innovation and productivity.

Cybersecurity Continues Its Rise

The survey found that 53% of business owners identified cybersecurity as their most time-consuming compliance issue, particularly in manufacturing and vendor industries, where supply chain security is critical.

For some businesses, especially smaller ones with limited financial resources, overregulation can serve as a competitive barrier—driving up costs to the point where staying compliant becomes prohibitive.

Over the past six years, the government has continued to make changes to the CMMC (Cybersecurity Maturity Model Certification), making it a moving target for businesses trying to bring their processes, procedures, and costs into compliance.

Industries like healthcare, finance, and retail have long been required to follow regulatory guidelines protecting consumer data, but the growing complexity of cybersecurity laws has added to the burden.

The Future of the Regulatory Landscape

2025 will bring significant changes to both existing regulations and new policy development under the new administration. Two key areas of focus are AI and cybersecurity.

The U.S. has adopted a fragmented approach to regulation, relying on executive orders, agency rules, and state-level laws. The Biden administration’s Blueprint for an AI Bill of Rights laid out ethical guidelines, but the incoming administration may scale back federal oversight. The repeal of the Chevron Doctrine has further complicated the landscape by limiting federal agencies’ ability to interpret laws, potentially shifting more AI and cybersecurity regulations to the state level.

State-level cybersecurity laws already present a major challenge for businesses operating across multiple states. California’s CCPA takes a broad consumer protection approach, while states like Florida focus more narrowly on big tech oversight. In 2024 alone, 45 U.S. states introduced nearly 700 AI-related bills, with 113 enacted, highlighting the growing complexity of compliance.

At the federal level, CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) is expected to take effect in late 2025, but its future remains uncertain under a deregulation-focused administration. A potential rollback of federal cybersecurity disclosure rules could further shift the compliance burden onto state regulators, making the landscape even more challenging for businesses.

The Impact on Cybersecurity and Business Innovation

Regulatory uncertainty creates major challenges for cybersecurity teams and AI-driven businesses. Organizations must navigate a fragmented web of global, federal, and state-level regulations—balancing compliance requirements with the need for innovation. Some may choose to follow the strictest regulations as a baseline, while others may limit operations in highly regulated regions to reduce compliance risks.

The coming years will be a test of whether global AI and cybersecurity regulations can strike the right balance between safety, innovation, and business viability—or if regulatory complexity itself will become a roadblock.

Solutions for SMBs

At DoubleChecked, our mission is to make enterprise-grade cybersecurity solutions accessible, affordable, and effective for small-to-medium businesses. We leverage the latest AI-powered applications and integrations to secure your email, cloud, network, devices, and employees—helping you strengthen security protections and maintain compliance so you can focus on growing your business.

We work with companies across industries, including manufacturing, healthcare, legal, finance, retail, and construction, to create tailored solutions that provide business owners with peace of mind. Our approach ensures compliance with industry regulations while minimizing the financial and reputational risks of cyberattacks.