The Cybersecurity Disclosure Act of 2015 is a proposed law pending in the US Senate. Every publicly held company in the U.S. must specify in their public filings which member of their board of directors is their designated cybersecurity expert (DCE) The law is still in the pending/proposed stage but if it is passed, the SEC will create and publish guidelines within a year of its approval specifying what publicly traded companies must publish in their annual reports in regards to cybersecurity threat prevention. If you are a publicly traded company you will be legally compelled to have someone on your board of. directors who has expertise and/or experience in cybersecurity.”]
Source: https://www.csoonline.com/article/3102985/feds-might-force-your-board-to-be-cyber-aware.html