The U.S. Securities and Exchange Commission will review a dispute between Express Scripts Holding Co. and New York State Comptroller Thomas DiNapoli over his effort to force the prescription-benefits manager to increase cyber-risk disclosures.
Express Scripts, the St. Louis County-based pharmacy benefits manager, told the SEC last month it would exclude the proposal from its annual proxy statement. DiNapoli, who’s pushing for the company’s board to report its efforts to prevent and mitigate cyber threats, objected last week in a letter to the regulator.
“We’re at the point where everyone — investors, directors, regulators — is recognizing that this is a critical issue,” said Gianna McCarthy, director of corporate governance at the comptroller’s office, which oversees about $164 million of Express Scripts stock for the $200 billion New York State Common Retirement Fund. “Investors need more disclosure.”
DiNapoli filed the proposal in November, two months after credit-reporting company Equifax Inc. revealed a breach that compromised personal information of about half the U.S. population. He assailed Express Scripts’ scant disclosure of how cyber risks are managed and cited a government-commissioned report showing the health care industry incurs a disproportionate share of hacking attacks.
Read more: Bloomberg