A bipartisan group of lawmakers is urging the Securities and Exchange Commission to increase transparency requirements for companies through mandatory cybersecurity reporting.
Senators on Tuesday sent a letter to SEC Chair Gary Gensler urging him to propose rules regarding cybersecurity disclosures and reporting, including asking companies to disclose whether a cybersecurity expert is on the company’s board of directors.
The letter does not single out defense contracting firms, but any legislation regarding mandatory cybersecurity reporting is of keen interest to the industry, since so many companies deal in highly classified information and are top targets for foreign hackers.
“As you know, cybersecurity is among our most significant national security and economic challenges,” Sens. Angus King (I-Maine), Jack Reed (D-R.I.), Susan Collins (R-Maine), Mark Warner (D-Va.), Kevin Cramer (R-N.D.), Catherine Cortez Masto (D-Nev.) and Ron Wyden (D-Ore.) said in the letter. “Daily interactions increasingly take place in cyberspace, leading to more persistent and complex cybersecurity threats. Costs of cyberattacks have also been on the rise.”
The push comes after Gensler testified before the Senate Banking Committee that companies and investors would benefit if information on cybersecurity risk “were presented in a consistent, comparable, and decision-useful manner,” according to the letter.
The lawmakers have co-sponsored the bipartisan Cybersecurity Disclosure Act, an effort to require companies to provide disclosure to investors. The letter notes that how a company chooses to address cybersecurity threats remains the company’s own decision.
Under the act, boards of directors would be encouraged to develop approaches to address the company’s needs and play a larger role in cybersecurity risk oversight.
“Public companies and investment managers should pay attention to threats before they are realized,” the letter states. “This is a better approach than scrambling to figure out what went wrong after investors have been harmed. America’s economic prosperity is linked to strong cybersecurity defenses in the private sector. The alternative unfortunately puts investors’ hard-earned savings and pensions at risk.”
The letter states the SEC should develop the rules with the White House’s National Cyber Director, Chris Inglis, who was CCed on the letter.