Key Takeaways
Background: The SEC’s Increased Focus on Cybersecurity
On October 30, 2023, the United States Securities and Exchange Commission (SEC) announced charges against SolarWinds, an Austin-based technology company that provides customers with network monitoring software, and Timothy Brown, SolarWinds’ Chief Information Security Officer (CISO), for fraud and internal control failures relating to known cybersecurity risks that culminated in a nearly two-year long cyberattack against SolarWinds and some of its customers, including federal and state government agencies, and that was first disclosed to the public in December 2020.
The charges are the latest development in a recent string of SEC activity targeting cybersecurity risks and disclosure policies on both the rulemaking and enforcement fronts. Following a keynote address made at the outset of 2022 by SEC Chair Gary Gensler that harped on the agency’s increased focus on cyber issues in light of the increasing risk of cyberattacks, the SEC proposed two new cybersecurity rules: one aimed at public companies, and turning solarwinds charged fraud regarding cyber related disclosures