[Congressional Record Volume 161, Number 184 (Thursday, December 17, 2015)]
[Senate]
[Page S8795]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
By Mr. REED (for himself and Ms. Collins):
S. 2410. A bill to promote transparency in the oversight of
cybersecurity risks at publicly traded companies; to the Committee on
Banking, Housing, and Urban Affairs.
Mr. REED. Mr. President, today I am pleased to be introducing the
Cybersecurity Disclosure Act of 2015 with Senator Collins. In response
to data breaches by various companies, which exposed the personal
information of millions of customers, this bill asks each publicly
traded company to include, in Securities and Exchange Commission, SEC,
disclosures to investors, information on whether any member of the
Board of Directors is a cybersecurity expert, and if not, why having
this expertise on the Board of Directors is not necessary because of
other cybersecurity steps taken by the publicly traded company. The
legislation does not require companies to take any actions other than
to provide this disclosure to their investors.
Many investors may be surprised to learn that board directors who
participated in National Association of Corporate Directors roundtable
discussions on cybersecurity late in 2013 admitted that ``the lack of
adequate knowledge of information technology risk has made it
challenging for them to `effectively oversee management's cybersecurity
activities.' Participating board members also suggested that `without
sound knowledge of--or adequate sensitivity to--the topic, directors
cannot easily draw the line between oversight and management,' and that
once in the technical `weeds,' directors `find it difficult to assess
the appropriate level of [the board's] involvement in risk management.' ''
Investors and customers deserve a clear understanding of whether
publicly traded companies are not only prioritizing cybersecurity, but
also have the capacity to protect investors and customers from
cyber-related attacks. This bill aims to provide a better understanding of
these issues through improved SEC disclosure.
While this legislation is a matter for consideration by the Banking
Committee, of which I am a member, this bill is also informed by my
service on the Armed Services Committee. It is through this dual
Banking-Armed Services perspective that I see that our economic
security is indeed a matter of our national security, and this is
particularly the case as our economy becomes increasingly reliant on
technology and the Internet.
For example, James Clapper, Director of National Intelligence,
recently appeared before the Armed Services Committee on September 29,
2015, and testified that ``cyber threats to the U.S. national and
economic security are increasing in frequency, scale, sophistication
and severity of impact.'' He further said that ``[b]ecause of our heavy
dependence on the Internet, nearly all information communication
technologies and I.T. networks and systems will be perpetually at
risk.''
With mounting cyber threats and concerns over the capabilities of
corporate directors, we all need to be more proactive in ensuring our
Nation's cybersecurity before there are additional serious breaches.
This legislation seeks to take one step towards that goal by
encouraging publicly traded companies to be more transparent to their
investors and customers on whether and how their Boards of Directors
are prioritizing cybersecurity.
I thank Harvard Law School Professor John Coates, MIT Professor Simon
Johnson, Columbia Law School Professor John Coffee, and the Consumer
Federation of America for their support, and I urge my colleagues to
join Senator Collins and me in supporting this legislation.