Proposed House Bill Asks Companies to Disclose Board Members’ Cybersecurity Expertise

September 5, 2018

A bipartisan group in the House of Representatives has proposed a bill requiring public companies to say whether their boards include members with knowledge of cybersecurity. Similar to a Senate bill debated this year, the Cybersecurity Disclosure Act directs the Securities and Exchange Commission (“SEC”) to create provisions requiring public companies to disclose in annual reports or proxy statements the details of their board members’ “expertise or experience” in cybersecurity. If a board member has no cybersecurity background, then a company would have to explain how it considers cybersecurity when selecting new directors. The SEC and the National Institute of Standards and Technology would work together to establish a definition of “expertise or experience” in cybersecurity.

The House bill comes while lawmakers and regulators are conducting a comprehensive reassessment regarding public issuers’ disclosures on cyber issues. Earlier this year, the SEC revised its cybersecurity guidance by publishing Release No. 33-10459, Commission Statement on Guidance and Public Company Cybersecurity Disclosures.

Need help with your company’s cyber concerns? Reach out to a member of Cherry Bekaert’s Information Assurance & Cybersecurity practice.