To date, publicly traded companies have not been required to nominate directors who are cybersecurity experts, though Commissioner Luis A. Aguilar of the Securities and Exchange Commission (SEC) has recommended strongly that companies at least consider nominating some directors with technological expertise or knowledge.1 Legislation recently introduced by Senators Jack Reed (D-RI) and Susan Collins (R-ME) aims to embrace Commissioner Aguilar's suggestion. The Cybersecurity Disclosure Act of 2015 (S.2410) would require the SEC to issue rules requiring public companies to disclose in their annual reports or proxy statements whether any members of a company's board of directors have any expertise or experience in cybersecurity and, if none, to describe what other steps have been taken to address cybersecurity when evaluating potential nominees.

This proposed legislation does not require companies to nominate directors with cybersecurity expertise or experience; however, it opens the door to potential shareholder scrutiny if companies decline to nominate such directors. Though it is uncertain whether this bill will pass, its introduction continues the growing trend of increased regulatory and legislative scrutiny regarding cybersecurity and how companies address cyber threats.