A bipartisan duo in the Senate is proposing legislation that would more deeply involve the federal government in companies’ cybersecurity posture.
The Cybersecurity Disclosure Act, proposed by Sens. Susan Collins, R-Maine, and Jack Reed, D-R.I., would require companies to include on federal disclosure forms whether anyone on their boards “has expertise or experience in cybersecurity.”
The intent is to eliminate the possibility of asymmetrical information between shareholders and insiders, Collins said in a statement.
“For decades the Securities and Exchange Commission has had the mandate to make sure investors and shareholders have similar information as insiders,” Collins said. “Unfortunately, the annual disclosures made by publicly traded companies have not kept pace with the pace of technological innovation.
“Our bill fixes that by making sure that firms provide a basic amount of information about the degree to which a firm is protecting the economic and financial interests of the firm from cyber attacks,” Collins added.
If a company does not have a board member with cybersecurity experience, the bill would require it to explain its reasoning, identify what other “cybersecurity steps” were taken into account by the company, and identify what characteristics were used in “identifying and evaluating nominees” for the board.
In introducing the legislation, Reed expanded on the reasoning behind it. “Investors and customers deserve a clear understanding of whether publicly traded companies are not only prioritizing cybersecurity, but also have the capacity to protect investors and customers from cyber related attacks,” he said.
The proposal follows a year that witnessed egregious cyberattacks against entities ranging from the financial sector to dating websites. Most of the attacks were perpetrated by organized crime seeking financial data or by state-backed actors seeking intelligence information.
Though lawmakers have sought to come up with legislative solutions to diminish the damage caused by those breaches, it remains to be seen whether the Republican-controlled Congress will agree that additional federal reporting requirements would help.