Corporate Counsel Question Need for Senate Cyber Bill

By Che Odom

April 11 — Chief corporate legal officers say a Senate bill (S. 2410) encouraging companies to get more cybersecurity experts on their boards may be overkill when consultants are available.

“If you are not in real-time work in cyber, as part of your profession, then you are behind what’s going on,” Steve Walker, general counsel of the National Association of Corporate Directors, said April 11 at an Association of Corporate Counsel meeting in New York. “It is better for a board to seek advice from an expert.”

A board member with cybersecurity expertise makes sense for a certain set of companies, such as those that provide cyber protection, but boards of most companies would benefit more from engaging with a professional adviser, Walker and others speaking at the conference said.

“It is far too specific for board members,” said George Bass, general counsel of the Wawanesa Insurance group of companies. “Having the board of directors contract with a consultant, who can be in direct contact with the board, would be better” than trying to find experts to serve on the board.

Bass added that the board also may hold in-camera sessions with the consultant, without management present.

Bipartisan Legislation

The general counsel were commenting on a bill introduced in December by Sens. Jack Reed (D-R.I.) and Susan Collins (R-Maine) that would require publicly traded companies to disclose the cybersecurity expertise of their directors. Companies also would be required to report what steps they are taking to identify or evaluate director nominees on their cybersecurity knowledge.

The goal of the legislation is to boost transparency in public companies' oversight of cybersecurity risks. Given the current state of Congress, the bill has little chance of passing despite bipartisan sponsorship.

Walker, who trains corporate boards on best practices in a range of areas, said cybersecurity is a field that changes daily, so directors should engage with professionals who are absorbed in the subject matter rather than attempt to find someone to join their ranks.

Margaret Foran, senior vice president, chief governance officer and corporate secretary of Prudential Financial Inc., suggested directors listen to their chief technology officers closely, then consult outside experts to “certify what's being said.”

To contact the reporter on this story: Che Odom in Washington at

To contact the editor responsible for this story: Yin Wilczek at
