Virtual Event Today: Cyber AI & Automation Summit - Register/Login Now
Connect with us

Hi, what are you looking for?



U.S. Senators Introduce SEC Cybersecurity Disclosure Legislation

Cybersecurity Disclosure Act of 2015 Would Prioritize Cybersecurity at Public Companies Through SEC Disclosures  

Cybersecurity Disclosure Act of 2015 Would Prioritize Cybersecurity at Public Companies Through SEC Disclosures  

U.S. Senators Jack Reed (D-RI) and Susan Collins (R-ME) introduced the bipartisan Cybersecurity Disclosure Act of 2015 on Thursday, a bill that seeks to encourage the disclosure of cybersecurity expertise, or lack thereof, on corporate boards at publicly traded companies.

Cybersecurity Disclosure Act of 2015

In response to a wave of massive data breaches in recent years, the Reed-Collins legislation asks publicly traded firms to include cybersecurity related details in Securities and Exchange Commission (SEC) filings.

The legislation asks each publicly traded company to disclose information to investors on whether any member of the company’s Board of Directors is a cybersecurity expert, and if not, why having this expertise on the Board of Directors is not necessary because of other cybersecurity steps taken by the publicly traded company. 

The legislation would not require companies to take any actions other than to provide disclosure.

“The bill would encourage boards to be take direct responsibility for cybersecurity through a light touch ‘comply or disclose’ approach, preserving flexibility for companies to respond to cyber threats in a tailored and cost-effective way,” said Harvard University School of Law Professor John Coates.

“Cybersecurity is one of the most significant and enduring challenges businesses face and should be accounted for as part of the corporate risk management process.  Investors and customers deserve a clear understanding of whether public companies are prioritizing cybersecurity and whether they have directors who can play an effective role in cyber-risk oversight,” said Senator Reed, a senior member of the Senate Banking Committee.  “This legislation will highlight how focused firms are in terms of data security and safeguarding private information and should encourage more companies to improve their cybergovernance.”

A study released earlier this year from the Ponemon Institute found that 78 percent of the more than 1,000 CIOs, CISOs and senior IT leaders surveyed had not briefed their board of directors on cybersecurity in the last 12 months. In addition, 66 percent said they don’t believe senior leaders in their organization consider security a strategic priority. 

Advertisement. Scroll to continue reading.

A separate survey published in January by the National Association of Corporate Directors (NCD) that found that more than half (52 percent) of the 1,013 corporate directors surveyed were not satisfied with the amount of information they were receiving about cyber-security. In addition, 36 percent said they were unsatisfied with the quality of that information.

“For decades the SEC has had the mandate to make sure investors and shareholders have similar information as insiders. Unfortunately, the annual disclosures made by publicly traded companies have not kept pace with the pace of technological innovation.  Our bill fixes that by making sure that firms provide a basic amount of information about the degree to which a firm is protecting the economic and financial interests of the firm from cyber attacks,” said Senator Collins, a member of the Senate Select Committee on Intelligence.

Related: NYSE Survey Examines Cybersecurity in the Boardroom

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Security Infrastructure

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...


Web scraping is a sensitive issue. Should a third party be allowed to visit a website and use automated tools to gather and store...