U.S. Senators Introduce SEC Cybersecurity Disclosure Legislation

Cybersecurity Disclosure Act of 2015 Would Prioritize Cybersecurity at Public Companies Through SEC Disclosures  

U.S. Senators Jack Reed (D-RI) and Susan Collins (R-ME) introduced the bipartisan Cybersecurity Disclosure Act of 2015 on Thursday, a bill that seeks to encourage the disclosure of cybersecurity expertise, or lack thereof, on corporate boards at publicly traded companies.

In response to a wave of massive data breaches in recent years, the Reed-Collins legislation asks publicly traded firms to include cybersecurity-related details in Securities and Exchange Commission (SEC) filings.

The legislation asks each publicly traded company to disclose to investors whether any member of its Board of Directors is a cybersecurity expert and, if not, why such expertise on the board is not necessary given other cybersecurity steps the company has taken.

The legislation would not require companies to take any actions other than to provide disclosure.

“The bill would encourage boards to take direct responsibility for cybersecurity through a light touch ‘comply or disclose’ approach, preserving flexibility for companies to respond to cyber threats in a tailored and cost-effective way,” said Harvard University School of Law Professor John Coates.

“Cybersecurity is one of the most significant and enduring challenges businesses face and should be accounted for as part of the corporate risk management process.  Investors and customers deserve a clear understanding of whether public companies are prioritizing cybersecurity and whether they have directors who can play an effective role in cyber-risk oversight,” said Senator Reed, a senior member of the Senate Banking Committee.  “This legislation will highlight how focused firms are in terms of data security and safeguarding private information and should encourage more companies to improve their cybergovernance.”

A study released earlier this year from the Ponemon Institute found that 78 percent of the more than 1,000 CIOs, CISOs and senior IT leaders surveyed had not briefed their board of directors on cybersecurity in the last 12 months. In addition, 66 percent said they don’t believe senior leaders in their organization consider security a strategic priority. 

A separate survey published in January by the National Association of Corporate Directors (NACD) found that more than half (52 percent) of the 1,013 corporate directors surveyed were not satisfied with the amount of information they were receiving about cyber-security. In addition, 36 percent said they were unsatisfied with the quality of that information.

“For decades the SEC has had the mandate to make sure investors and shareholders have similar information as insiders. Unfortunately, the annual disclosures made by publicly traded companies have not kept pace with the pace of technological innovation.  Our bill fixes that by making sure that firms provide a basic amount of information about the degree to which a firm is protecting the economic and financial interests of the firm from cyber attacks,” said Senator Collins, a member of the Senate Select Committee on Intelligence.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.
