The U.S. Senate recently proposed a cybersecurity disclosure bill that would require public companies to describe what cybersecurity expertise their boards have, or, if they don’t have any, what steps the companies are taking to get some expertise onto their boards.
“It seems like a pretty simple and straightforward bill,” said Chris Wysopal, CTO and CISO at Veracode. “It doesn’t have anything onerous except some disclosures about the board. To me, it has a chance of passing.”
The bill fits neatly into some research that Veracode conducted with the New York Stock Exchange, in which a surprising 90 percent of corporate board members said that regulators should hold businesses liable for breaches if they were negligent with customer data or failed to have reasonable security in place.