Buy Maryland Cybersecurity Tax Credit

Among the various tax credits and incentives administered by the Maryland Department of Commerce, one of the newest is the Buy Maryland Cybersecurity (BMC) Tax Credit created in 2018. In brief, Qualified Maryland Companies who purchase cybersecurity technologies and/or services from a Qualified Maryland Cybersecurity Seller may be eligible to claim a tax credit up to $50,000 per tax year.

The credit is 50% of the net purchase price of cybersecurity technologies and services up to $100,000 that is paid between May 15, 2018 to December 31, 2018 for tax year 2018.  An early December 2018 call to the Maryland Department of Commerce produced information that the credit is still available for late year purchases made in 2018.

For 2019, purchases made from January 1, 2019 to December 31, 2019 may be eligible for the tax credit. The 2019 Maryland legislature will fund the credit for the upcoming year. As the popularity of the credit increases, 2019 requests for credit may be greater than the funding. Since the credit is on a first come, first served basis, claiming the credit early in 2019 will help assure that you get your credit.

Who Qualifies for the Credit?
A Qualified Maryland Company, the buyer of the services or technology, is an entity that has fewer than 50 employees and is required to file a Maryland income tax return. If this company purchases cybersecurity technologies and services from a Qualified Maryland Cybersecurity Seller, the buyer may be eligible for receiving a credit against Maryland income taxes.

What Vendors and Technologies Qualify for the Credit?
An official list of sellers is posted on the Maryland Department of Commerce website. Eligible cybersecurity technologies are defined as products designed to detect and prevent unauthorized access to information systems, stored data, and information, and the transfer of data and information; data exfiltration or extrusion; or manipulation or impairment to the integrity, confidentiality, or availability of data and information stored or transferred by an information system.

To be considered a qualified cybersecurity service, the Cybersecurity Seller must perform an activity identified by the National Institute of Standards and Technology’s (NIST) most recent Cybersecurity Framework.

A single Qualified Maryland Cybersecurity Seller may have up to $400,000 in cybersecurity sales benefit from the tax credit in a single tax year. Once an aggregate of $200,000 in tax credits are claimed for the purchase of cybersecurity technologies or services from a single Qualified Maryland Cybersecurity Seller in a tax year, additional purchases from that Qualified Maryland Cybersecurity Seller in that tax year are not eligible for the tax credit.

How Do You Receive the Credit?
To receive the credit the company must submit a paper application with the Department of Commerce to receive a certificate that will be submitted to the Comptroller of Maryland when its state income tax return is filed. The invoice and proof of payment for the amount paid in the tax year must be maintained and provided with the application. The credit will be awarded to applicants on a first come first served basis and are subject to available funds. Twenty-five percent of the annual funds are available to cybersecurity services and seventy-five percent of the annual funds are available to cybersecurity technologies. Applications to receive the credit for the 2018 tax year is January 31, 2019.

Cybersecurity technology sellers and service providers may apply for certification to be listed as a Qualified Maryland Cybersecurity Seller by submitting a paper application with the Department of Commerce.

What Does This Mean for Your Business?
Organizations who are looking to tighten their cybersecurity posture should consider this credit. Smaller organizations tend to overlook the importance of certain necessary cybersecurity processes because the common feedback regarding being hacked is “that would never happen to us.” However, it is because of the likelihood that smaller organizations do not have, multifactor authentications therefore dramatically increasing the likelihood to getting hacked, email phishing defense which is typically how most of these businesses get compromised, and proper business grade firewalls that can detect and block attacks. It is important to note, we do not suggest spending money on any technology without having an overall holistic technology strategy in place as this could lead to issues. It is important to go through a technology assessment to understand how to most effectively take advantage of the credit.

If you would like more information about this tax credit and how it could be of benefit to your business please contact us.

Cybersecurity Quantifying Vulnerabilities, Qualifying Readiness.png