Cybersecurity » Congress, SEC, Moving On Cybersecurity

Congress, SEC, Moving On Cybersecurity

March 27, 2018

United States Capitol
One of the few bipartisan acts to be introduced in Congress recently is the Cybersecurity Disclosure Act of 2017-18 (S.536). It would require publicly traded companies to disclose the cybersecurity expertise of members of the board, and, if it does not have such expertise, disclose measures taken to identify and nominate members who do. Even if it does not pass, the legislation increases the likelihood that the SEC could consider board cybersecurity expertise when evaluating whether a registered company has a sufficient risk management program. The board should consider whether the head of cybersecurity should directly report to a senior C-level officer instead of a manager one or more levels down the chain. Relying on the CEO to update the board on cyber risk may not be enough. New guidance issued in February notes that a company must include a description of how the board administers its risk oversight function, and emphasizes requirements concerning timely data breach disclosures to investors.

Read full article at:

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top