May 12, 2022

Wyden, Colleagues Urge SEC to Finalize Tough Cybersecurity Disclosure Rules for Public Companies

Bipartisan letter seeks increased transparency for investors amid ongoing cybersecurity threats

Washington, D.C. – U.S. Senator Ron Wyden and six Senate colleagues this week urged the U.S. Securities and Exchange Commission (SEC) to increase transparency for investors in an age of persistent cybersecurity threats with rising economic costs.

In March, the SEC published proposed rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. The proposed rules seek to enhance and standardize disclosures regarding public companies’ cybersecurity risk governance, including disclosure of whether any directors on a company’s board have cybersecurity expertise.

“The Proposal would implement bipartisan legislation that we have introduced called the Cybersecurity Disclosure Act. That legislation directs the SEC to issue rules requiring each public company to disclose, in its annual report or annual proxy statement, whether any member of its governing body has expertise or experience in cybersecurity, including details necessary to describe fully the nature of that expertise or experience. And if no member has such expertise or experience, a company would be required to describe what other aspects of the company’s cybersecurity were considered by any person, such as an official serving on a nominating committee, who is responsible for identifying and evaluating nominees for membership to the governing body,” Wyden and colleagues wrote to SEC Secretary Vanessa Countryman.

“The Proposal follows the intent of our bill by encouraging directors to play a more effective role in cybersecurity risk oversight at public companies, and we commend the SEC for issuing a Proposal that would achieve this important goal,” Wyden and colleagues continued.

The letter was led by U.S. Senator Jack Reed, D-R.I. Alongside Wyden, the letter was signed by U.S. Senators Catherine Cortez Masto, D-Nev., Kevin Cramer, R-N.D., Angus King, I-Maine, Mark Warner, D-Va., and Susan Collins, R-Maine.

The seven senators, all cosponsors of the Cybersecurity Disclosure Act, urged the SEC in their letter to issue the exact rules that the agency proposed in March to require publicly traded companies to disclose whether they have cybersecurity expertise on their boards of directors.

The full text of the letter is here.