A bipartisan group of senators reintroduced legislation on March 1 intended to ensure that public companies are prioritizing cybersecurity and data privacy.
Sens. Jack Reed, D-R.I., Susan Collins, R-Maine, Mark Warner, D-Va., John Kennedy, R-La., and Doug Jones, D-Ala., introduced S. 592, the Cybersecurity Disclosure Act of 2019. Rep. Jim Himes, D-Conn., will introduce companion legislation in the house.
According to the senators sponsoring the legislation, the bill “would require publicly traded companies to include in its Securities and Exchange Commission (SEC) disclosures to investors information on whether any member of the company’s Board of Directors is a cybersecurity expert, and if not, why having this expertise on the Board of Directors is not necessary because of other cybersecurity steps taken by the company.” The sponsors also noted that the legislation doesn’t require companies to take any actions other than to provide the disclosure.
Reed has introduced similar legislation in prior Congresses, though the bills never gained significant traction.
“With growing cyber threats, we must be proactive in bolstering our nation’s cybersecurity. This legislation advances that goal by encouraging publicly traded companies to be more transparent about whether and how their Boards of Directors and senior management are prioritizing cybersecurity,” said Reed. “As our economy becomes ever more dependent on technology and the Internet, our economic security is indeed a matter of national security. Through the simple disclosure called for by this bipartisan legislation, we can strengthen cybersecurity oversight.”
“As our society increasingly relies on technology, businesses across all sectors of the economy must prioritize cybersecurity,” said Jones. “A single cyberattack can cripple even the most sophisticated firms, and the public has a right to know whether companies are focused on preventing cybersecurity threats. This bipartisan legislation will greatly increase transparency and accountability, and will ultimately help cybersecurity resilience across our economy.”
The legislation has already gained the support of the North American Securities Administrators Association; the Council of Institutional Investors; the National Association of State Treasurers; the California Public Employees’ Retirement System; the Bipartisan Policy Center; and the Consumer Federation of America.