Should companies have a cybersecurity expert on their board of directors? The federal government seems to think so, and increasingly so do security and risk professionals, although companies would prefer to make that decision without government involvement, according to a sampling of industry pros.
A disclosure bill introduced by the U.S. Senate in December would ask companies to disclose whether they have a “cyber security expert” or equivalent measure on their boards of directors. While no action is required if no expert currently has a seat on the board, the company would need to provide an explanation for how it is approaching cybersecurity.
Many questions still need to be answered, such as what skills would qualify a board member as a cybersecurity expert. The SEC and the National Institute of Standards and Technology would be given a role in evaluating cybersecurity experts’ qualifications, but it’s not clear what those qualifications are. NIST would