Bill Would Have Companies Reveal Cyber Expertise

Stay up-to-date with the latest developments in securities law through access to both news and all statutes and regulations. Find relevant corporate filings through a searchable EDGAR database. And...

By Rob Tricchinelli

Dec. 17 — Public companies would have to disclose their board members' expertise in dealing with cybersecurity threats, under a bipartisan Senate bill introduced Dec. 17. 

The still-unnumbered bill would give the Securities and Exchange Commission a year to write a rule requiring the disclosure in companies' annual reports or proxy statements.

‘Prioritizing Cybersecurity.'

The bill was introduced by Sens. Jack Reed (D-R.I.) and Susan Collins (R-Maine).

“Investors and customers deserve a clear understanding of whether public companies are prioritizing cybersecurity and whether they have directors who can play an effective role in cyber-risk oversight,” Reed said in a news release.

If companies have no directors or general partners with relevant experience, they would be required “to describe what other cybersecurity steps” they took in evaluating director nominees.


As the lawmakers focus on companies' handling of cybersecurity threats, outgoing Commissioner Luis Aguilar asked the SEC itself to take a hard look at its data management procedures and beef up its own security measures, especially given the enormous amount of sensitive market data it gathers.

“The Commission would do well to consider an approach that acknowledges the inevitability of a breach and takes appropriate steps to mitigate the resulting damage,” Aguilar, who is leaving the agency at the end of the year, said in a Dec. 16 statement

To contact the reporter on this story: Rob Tricchinelli in Washington at

To contact the editor responsible for this story: Phyllis Diamond at

For More Information 
For the bill, visit


Request Securities & Capital Markets on Bloomberg Law