Legislation recently introduced in the US Congress would compel publicly-traded companies to disclose in their filings with securities regulators whether any member of their board of directors was a ‘cybersecurity expert’.
Does this make sense to you? It does not to this commentator from the law firm Jones, Day. He says the role of the board is not to *be* the expert but to ensure that expertise is sought and its advice considered properly.
The comment notes that the SEC “has already made it clear that companies must disclose material cybersecurity risks and incidents to investors in their public filings.” . . . [more]