Senate Commerce Committee chairman Jay Rockefeller (D-W.
Va.) wants the Securities and Exchange Commission to tell companies to provide
cybersecurity risk info to investors just as they would their readiness to
manage financial, operational and other risks.
In a letter to new SEC chairman Mary Jo White, Rockefeller said investors
"deserve to know whether companies are effectively addressing their
cybersecurity risks," calling that info indispensable to efficient markets.
He wants the SEC to put out formal guidance to that effect, renewing
a request he made of previous SEC chair Mary Schapiro.
Rockefeller also wants to ensure that those companies are
making "significant investments in cybersecurity."
Current law requires publicly traded companies to disclose
to investors "material" risks and events including network breaches,
but Rockefeller has said that a "significant" number of companies are
not doing so. He wants some "interpretative guidance" from the SEC to
clarify that responsibility.
While Rockefeller said the response to the Schapiro letter
was staff-level guidance that was a step in the right direction, "given
the growing significance of cybersecurity on investors' and stockholders'
decisions, formal guidance from the Commission would signal to companies that
cybersecurity efforts need to be taken seriously."
Rockefeller "strongly urged" White to
make that formal guidance a priority.