Business cyber security disclosure bill introduced in US Senate

• US firms required to disclose publicly whether they have anyone on their board who is a “cyber security expert”

(Reuters) - Companies would have to disclose publicly whether they have anyone on their board who is a “cyber security expert” under legislation introduced in the U.S. Senate recently.

The outlook for approval of this proposal was unclear, but it comes at a time of growing concern in Congress about damaging computer hacks that have hit companies such as Target, Anthem Insurance Companies Inc and Home Depot.

The measure, from Republican Senator Susan Collins of Maine and Democratic Senator Jack Reed of Rhode Island, would require the disclosure in companies’ filings with the U.S. Securities and Exchange Commission.

It would not require companies to take any action beyond disclosure. Companies lacking a cyber security expert would have to explain themselves and say what other steps they are taking to improve their cyber security.

The bill would require the SEC and the National Institute of Standards and Technology to provide guidance on the minimum qualifications for what is considered a cyber security expert.

A separate cyber security proposal was tucked into a massive federal spending bill released recently.

That measure aims to cajole the private sector into sharing more cyber threat data with the government by expanding company liability protections, an arrangement intended to improve hack detection and prevention.