Ad Image

Proposed Bill Would Increase Boardroom Accountability for Cybersecurity

federal-govt

The number of data breaches in 2016 hit a record high of 1,093, with a total of 36,601,939 records compromised, according to a report from the ITRC.

In light of this, cybersecurity has become a top-of-mind priority for boardrooms at public traded companies of all sizes. In fact, in a recent NYSE survey of nearly 200 directors of public companies, more than 80 percent of participants said that they discussed cybersecurity at most or all boardroom meetings, and yet, board-level executives at affected companies are rarely held accountable for damaging breaches of customer information or records. 

A new bill introduced to Senate this week is seeking to change that by taking steps to increase the level of cybersecurity expertise in boardrooms.

The ‘Cybersecurity Disclosure Act of 2017‘, sponsored by Democrats Mark Warner of Virginia and Jack Reed of Rhode Island, and Republican Susan Collins of Maine,  is intended to “better protect consumers, increase transparency for investors and ensure public companies are prioritizing cybersecurity and data privacy,” according to a press release from Senator Warner. 

To accomplish this, the bill asks publicly traded companies to disclose in SEC filings whether any member of the company’s Board of Directors is an expert on cybersecurity, and if not, why having this expertise on the Board of Directors is not necessary because of other cybersecurity steps taken by the company.

The bill would also require that the definition of what constitutes cybersecurity expertise comes from the SEC in consultation with NIST.

“All public companies face threats daily from determined cyberattackers out to steal their data. As we’ve seen with data breaches at retailers like Target and service providers like Yahoo, it is in the best interest of consumers and shareholders for companies to fully disclose the plans they’ve set in place to defend against them,” said Senator Warner. “This legislation provides needed transparency in an often shrouded process that directly affects the privacy of millions, and will serve as tool to urge other entities to follow through on establishing a reliable strategy to counter cyberattacks.”

 

 

Share This

Related Posts