Bipartisan federal legislation, the Cybersecurity Disclosure Act of 2015 (S. 2410), was recently introduced in the U.S. Senate by Senators Jack Reed (D-RI) and Susan Collins (R-ME), who both
serve on the Senate Select Committee on Intelligence. The bill was referred to the Senate Banking Committee (on which Senator Reed sits) and will now be considered by that committee. The bill would require public companies to disclose whether any Board member has experience or expertise in cybersecurity, and to describe the nature of that experience or expertise. If no Board member has cybersecurity experience, the company would have to disclose why the Board concluded that it was not necessary to have cybersecurity expertise on the Board of Directors – for instance, due to existing cybersecurity measures or to the company’s other specific circumstances. The
SEC would be charged with issuing rules detailing these disclosure requirements.