Skip to main content

A group of bipartisan lawmakers is urging the Securities and Exchange Commission to increase transparency requirements for companies through mandatory cybersecurity reporting.

Senators on Tuesday sent a letter to SEC Chair Gary Gensler urging him to propose rules regarding cybersecurity disclosures and reporting, including asking companies to disclose whether a cybersecurity expert is on the company’s board of directors.

The letter does not single out defense contracting firms, but any legislation regarding mandatory cybersecurity reporting is of keen interest to the industry considering so many companies deal in highly classified information and are top targets for foreign hackers.

“As you know, cybersecurity is among our most significant national security and economic challenges,” Sens. Angus King (I-Maine), Jack Reed (D-R.I.), Susan Collins (R-Maine), Mark Warner (D-Va.), Kevin Cramer (R-N.D.), Catherine Cortez Masto (D-Nev.) and Ron Wyden (D-Ore.) said in the letter. “Daily interactions increasingly take place in cyberspace, leading to more persistent and complex cybersecurity threats. Costs of cyberattacks have also been on the rise.”

The push comes after Gensler testified before the Senate Banking Committee that companies and investors would benefit if information on cybersecurity risk “were presented in a consistent, comparable, and decision-useful manner,” according to the letter.

The lawmakers have co-sponsored the bipartisan Cybersecurity Disclosure Act, an effort to require companies to provide disclosure to investors. The letter notes how a company chooses to address cybersecurity threats remains the company’s own decision. 

Under the act, boards of directors would be encouraged to develop approaches to address the company’s needs and play a larger role in cybersecurity risk oversight.

“Public companies and investment managers should pay attention to threats before they are realized,” the letter states. “This is a better approach than scrambling to figure out what went wrong after investors have been harmed. America’s economic prosperity is linked to strong cybersecurity defenses in the private sector. The alternative unfortunately puts investors’ hard-earned savings and pensions at risk.”

The letter states the SEC should develop the rules with the White House’s National Cyber Director, Chris Inglis, who was CCed on the letter.

For more of the latest in litigation, regulation, deals and financial services trends, sign up for Finance Docket, a partnership between Breaking Media publications Above the Law and Dealbreaker.



Gary Gensler Comes Not To Mourn SPACs But To Bury Them

The SEC comes for the ailing sector with a coup-de-grace.

bitcoin ether

The SEC Doesn’t Think Much Of Coinbase, And The Feeling Is Mutual

Maybe Congress would like to take Gary Gensler off its back? Please?


Will There Be Anything Left For Gary Gensler To Do At The SEC?

Interim chief Allison Herren Lee keeps taking things off his plate.

(Getty Images)

SEC Making Sure Gary Gensler Will Feel Right At Home

You can authorize and investigation and you can authorize an investigation and you and you and you, too!


Gary Gensler May Need No Sleep, But The SEC Staff Does

The regulators are feeling wrung out by all the regulating.


SEC Would Not Bold As To Just Outright Kill Payment For Order Flow

It’s just going to smother it with regulations.