The SEC’s complaint charges SolarWinds and Brown with direct anti-fraud violations for alleged misstatements as well as direct and secondary liability against them for internal controls violations. This case marks a significant precedent, as it is the first instance where the SEC charged a CISO with fraud, representing a profound departure from its traditional focus on officers with explicit accounting and disclosure duties and SEC reporting expertise. This unprecedented action highlights the increasing importance of cybersecurity in the realm of federal securities law and underscores the gravity of the role CISOs play in the accurate representation of a company’s cyber health. The SEC’s complaint seeks not only corrective actions but also significant penalties, including injunctions, the return of ill-gotten gains and a prohibition on Brown serving as an officer or director in any public company, reflecting the severity with which the agency views these alleged infractions.
Source: What Does the SEC’s Complaint Against SolarWinds Mean for CISOs and Boards? | Skadden
