Cybersecurity and Data Privacy: New Cybersecurity Bill Introduced in Senate Would Effectively Force Public Companies to Address Cybersecurity Through SEC Disclosures (1/16)

Michael Billok, Matthew Wells
Bond Schoeneck & King PLLC
Contact
LinkedIn
Facebook
X
Send
Embed

In response to the increase of cybersecurity attacks and data breaches in recent years, some companies have begun to recruit cybersecurity experts to their board of directors. On December 17, 2015, U.S. Senators Jack Reed (D-RI) and Susan Collins (R-ME) introduced the bipartisan Cybersecurity Disclosure Act of 2015, purportedly as an attempt to prioritize cybersecurity issues at publicly traded companies. The bill would require publicly traded companies to disclose, through their Securities and Exchange Commission (SEC) filings, whether any member of the company’s Board of Directors is a cybersecurity expert, and if not, why having this expertise on the Board is unnecessary. This disclosure is the only required action a public company would be required to take under the proposed legislation. The Bill also requires that the SEC, working with the National Institute of Standards and Technology, define clearer guidelines on what constitutes cybersecurity expertise or experience.

Sen. Reed stated that the impetus for this bill was that "[i]nvestors and customers deserve a clear understanding of whether publicly traded companies are not only prioritizing cybersecurity, but also have the capacity to protect investors and customers from cyber related attacks." In a press release issued by Sen. Reed, it was noted the National Association of Corporate Directors estimates that just 11% of publicly traded companies reported a high-level understanding of cybersecurity. The Cybersecurity Disclosure Act of 2015, therefore, seeks to encourage corporate boards to ensure that they have the expertise needed to identify cybersecurity risks and implement strong defenses.

Additionally, President Obama recently signed into law an omnibus spending bill which included the controversial Cybersecurity Information Sharing Act of 2015 (CISA) that was passed by the U.S. Senate on October 27, 2015, as described in a previous Bond Informational Memo. The Cybersecurity Disclosure Act of 2015 exemplifies another attempt to curtail the incessant cyber-attacks against public companies.

Written by:

Bond Schoeneck & King PLLC
Bond Schoeneck & King PLLC
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Bond Schoeneck & King PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide