Public Company Boards-Cybersecurity Experience

Sens. Susan Collins and Angus King (Maine) have added their names to a letter to the SEC asking them to increase the cybersecurity reporting rules for publicly traded companies.

The first of potentially many new SEC rules was rolled out this week requiring investment advisors and investment companies to report cybersecurity incidents and breaches to the agency, to adopt and implement cybersecurity policies that address risks and document their cybersecurity incidents from the last two years. This last requirement means that companies have to look backward to see what they didn’t report but now have to.

This gang of 7 senators is also asking the SEC to require companies to disclose if they have a cybersecurity expert on their board and if not, then why not.

Assuming they can’t get the SEC to act, that requirement is also in a bill titled the Cybersecurity Disclosure Act, co-sponsored by these 7 senators.

They say that they don’t want to tell boards HOW to respond to incidents. On the other hand, boards have lots of other experts like finance, sales, operations, etc. Given the importance of cybersecurity these days and how slowly companies change, the purpose here is to give companies a little nudge. Credit: SC Magazine

by