Cybersecurity is a real threat and needs to be taken seriously. But is it a Board of Directors level issue for all public companies? I don’t think so. But apparently Senators Jack Reed and Susan Collins think that is. That would mean another headache for public companies.
Of course there may be some companies that need cybersecurity as a priority for a seat in the boardroom. Does a pharma company trying to create a new drug need to devote a precious board seat to a cybersecurity expert?
The legislation imposes an obligation on the Securities and Exchange Commission to implement this concept.
It also requires the SEC to work with the National Institute of Standards and Technology to define what constitutes expertise or experience in cybersecurity. That of course is whole other issue. There are lots of people out there claiming to be cybersecurity experts. The best are likely trying to hack into your system right now.
I’m sure cybersecurity experts are frothing at the concept of getting board seats. Unfortunately, it will take away a seat from someone who might bring better expertise to the company.
Like the conflict minerals legislation, it’s another rule that brings little protection to investors but imposes large costs and difficulties on public companies.
As you might expect, the SEC has it’s own cybersecurity issues. I wonder if one of the SEC Commissioners will be required to have cybersecurity expertise.
Sources:
- Cybersecurity Disclosure Act of 2015
- Bipartisan Senate bill introduced to require public companies to increase transparency regarding board oversight of cybersecurity risks by Cydney Posner in PubCo@Cooley
- Being a Responsible Steward: Ensuring that the SEC Implements Effective Cybersecurity Protocols for its Data Gathering Efforts
Brian Klug: Anonymous Hacker
CC BY SA
