Cybersecurity: Senate Bill Would Require Disclosure of Whether Your Board Has Expertise : TheCorporateCounsel.net Blog

December 29, 2015

Cybersecurity: Senate Bill Would Require Disclosure of Whether Your Board Has Expertise

As noted in this Cooley blog, there could be Congressional action in the area of cybersecurity disclosure soon enough. Here’s an excerpt from the blog:

Senators Jack Reed and Susan Collins have introduced the bipartisan “Cybersecurity Disclosure Act of 2015”, a bill to promote transparency in the oversight of cybersecurity risks at publicly traded companies. According to the press release, the bill is designed to ensure that public companies “provide a basic amount of information about the degree to which a firm is protecting the economic and financial interests of the firm from cyber attacks.” In addition, the bill “seeks to strengthen and prioritize cybersecurity at publicly traded companies by encouraging the disclosure of cybersecurity expertise, or lack thereof, on corporate boards at these companies.”

If ever enacted, this legislation would require companies to disclose – in their SEC filings – whether they have a director who is a “cybersecurity expert” – and if not, why having this expertise on the board isn’t necessary because of other cybersecurity steps taken by the company. The bill would require the SEC and the National Institute of Standards and Technology to provide guidance on the qualifications necessary to be a cybersecurity expert. This Jones Day piece by Mauricio Paez & Randi Lesnick criticize the bill…

It’s Here! “The Cybersecurity Act of 2015”

Congress & President Obama did enact a cybersecurity piece of legislation recently. One part of the omnibus appropriations bill is the “Cybersecurity Act of 2015.” As noted in the memos we are posting in our “Cybersecurity” Practice Area, the Act addresses the sharing of information between the public and private sectors about cyber threats (including privilege and confidentiality implications), liability protections for companies that monitor, how to share or receive cyber threat information and much more…

SEC Commissioner Aguilar Talks SEC’s Own Cybersecurity Risks

In this statement, SEC Commissioner Aguilar talks about the agency’s need to focus on its own cybersecurity profile. As I’ve blogged before, I think it’s just a matter of time before Edgar is hacked…if it hasn’t been already…

Yesterday, the SEC delivered its annual report on credit rating agencies to Congress…

– Broc Romanek