In February 2018, the SEC issued a statement and interpretative guidance to assist public companies in preparing disclosures about cybersecurity. But that guidance may be insufficient in light of the SEC investigative report. Sen. Jack Reed (D.-R.I.) introduced a bill in March 2017 called the Cybersecurity Disclosure Act of 2017, which would require that publicly traded companies disclose in annual filings with the SEC whether any member of their governing body, such as their board of directors or general partner, possess expertise or experience in cybersecurity. The bill was discussed in a Senate Banking Committee hearing in June 2018 but was never voted on. It’s supported by the North American Securities Administrators Association.

About the Authors