Proposed House Bill Asks Companies to Disclose Board Members’ Cybersecurity Expertise
September 5, 2018
A bipartisan group in the House of Representatives has proposed a bill requiring public companies to say whether their boards include members with knowledge of cybersecurity. Similar to a Senate bill debated this year, the Cybersecurity Disclosure Act directs the Securities and Exchange Commission (“SEC”) to create provisions requiring public companies to disclose in annual reports or proxy statements the details of their board members’ “expertise or experience” in cybersecurity. If a board member has no cybersecurity background, then a company would have to explain how it considers cybersecurity when selecting new directors. The SEC and the National Institute of Standards and Technology would work together to establish a definition of “expertise or experience” in cybersecurity.