SolarWinds Legal Ruling Expected to Narrow, But Maintain SEC Oversight on Cyber Transparency
Cybersecurity and government investigations attorney Shardul Desai was quoted in a Cybersecurity Dive article about the outcome of the U.S. Securities and Exchange Commission's (SEC) case against SolarWinds. A federal court dismissed most of the civil fraud charges against the company and its chief information security officer (CISO) stemming from 2020 cyber attacks, though it did uphold a charge related to a pre-initial public offering (IPO) security statement. Industry leaders, including Mr. Desai, noted the decision means public companies still need to take care when making representations about their cybersecurity practices, though the ruling will likely limit the SEC's ability to bring future actions involving internal controls.
"The opinion also suggests the SEC may be limited to charging a disclosure controls violation where systemic deficiencies exist, such as when controls are deficient in design or yield frequent errors," he said. "Innocent errors that result in untimely disclosure of a material cybersecurity event may not be enough for an SEC action."
READ: SolarWinds Legal Ruling Expected to Narrow, But Maintain SEC Oversight on Cyber Transparency