Bill Would Have Companies Reveal Cyber Expertise

Securities Law Daily provides daily coverage of developments in the regulation of federal, state, and international securities and futures trading, with objective coverage of the...

By Rob Tricchinelli

Dec. 17 — Public companies would have to disclose their board members' expertise in dealing with cybersecurity threats, under a bipartisan Senate bill introduced Dec. 17. 

The still-unnumbered bill would give the Securities and Exchange Commission a year to write a rule requiring the disclosure in companies' annual reports or proxy statements.

‘Prioritizing Cybersecurity.'

The bill was introduced by Sens. Jack Reed (D-R.I.) and Susan Collins (R-Maine).

“Investors and customers deserve a clear understanding of whether public companies are prioritizing cybersecurity and whether they have directors who can play an effective role in cyber-risk oversight,” Reed said in a news release.

If companies have no directors or general partners with relevant experience, they would be required “to describe what other cybersecurity steps” they took in evaluating director nominees.

Aguilar

As the lawmakers focus on companies' handling of cybersecurity threats, outgoing Commissioner Luis Aguilar asked the SEC itself to take a hard look at its data management procedures and beef up its own security measures, especially given the enormous amount of sensitive market data it gathers.

“The Commission would do well to consider an approach that acknowledges the inevitability of a breach and takes appropriate steps to mitigate the resulting damage,” Aguilar, who is leaving the agency at the end of the year, said in a Dec. 16 statement

To contact the reporter on this story: Rob Tricchinelli in Washington at rtricchinelli@bna.com

To contact the editor responsible for this story: Phyllis Diamond at pdiamond@bna.com

For More Information 
For the bill, visit http://src.bna.com/bB1