WASHINGTON, D.C. – This week, at the Senate Banking Committee hearing entitled “Legislative Proposals to Examine Corporate Governance,” senior committee member U.S. Senator Jack Reed highlighted the importance of cyber security in the corporate world and set the record straight with witnesses about the importance and efficacy of his Cybersecurity Disclosure Act.
Introduced by Senator Reed alongside Senators Susan Collins (R-ME), and Mark Warner (D-VA), and also cosponsored by John McCain (R-AZ), the Cyber Security Disclosure Act of 2017 was written to better protect customers, increase transparency for investors, and ensure public companies are prioritizing cybersecurity and data privacy. The legislation is a simple disclosure bill that asks publicly traded companies to disclose whether a cybersecurity expert is on the board of directors, and if not, why one is not necessary. The legislation does not require companies to take any actions other than to provide this disclosure.
The witnesses at yesterday’s hearing included Mr. Thomas Quaadman, Executive Vice President, U.S. Chamber Center of Capital Markets Competitiveness; Ms. Darla C. Stuckey, President and CEO, Society for Corporate Governance; Professor John C. Coates, IV, John F. Cogan, Jr. Professor of Law and Economics, Harvard Law School; and Mr. Damon A. Silvers, Policy Director and Special Counsel, American Federation of Labor and Congress of Industrial Organizations.
In questioning Ms. Stuckey, who tried to suggest in her written testimony that the Council of Institutional Investors may not support the Cybersecurity Disclosure Act, Reed set the record straight by offering two letters from the Council of Institutional Investors supporting his bill. He then pointed out to Mr. Quaadman that his written testimony conflicts with President Trump’s White House Council of Economic Advisors, who noted in a February 2018 report that “mandatory disclosure requirements were previously shown to incentivize firms to adopt better cybersecurity measures.” Reed then went on to agree with Professor Coates that cyber security is an issue that affects every company and that Reed’s bill is an excellent step to increasing cyber security while avoiding an ineffective, one-size-fits-all solution.
Cyberattacks on companies and business continue to increase in their frequency and sophistication. According to a 2017 Data Breach Year-End Review from the Identity Theft Resource Center, “the number of U.S. data breaches incidents tracked in 2017 hit a new record high of 1,579 breaches ... The review indicates a drastic upturn of 44.7 percent increase over the record high figures for 2016. … Throughout 2017, there were 830 breach incidents involving Social Security numbers. As a result of these breaches, nearly 158 million Social Security numbers were exposed. … Nearly 20% of breaches included credit and debit card information, a 6 percent increase from last year.”
Video footage of Reed’s opening statement and questioning can be found here.