"In short, this proposed law means that every publicly held company in the United States – and there are thousands – must specify in their public filings which member of their Board of Directors is their designated cybersecurity expert (which I am abbreviating from this point forward as the “DCE’). If the company does not have a DCE it must explain why it feels that it does not need one and, presumably, what measures it is taking to protect itself from cybercrime and cyberattacks."
Even if it doesn't become law, maybe it's just a good idea?