“I’ve been doing this for 25 years, and I’ve always been protecting others,” said George Gerchow, the chief security officer and senior vice president of information technology at Sumo Logic, a software company. “Now, all of a sudden, I’m in a weird position where I’m having to protect myself.”
Perhaps more alarming to boardrooms is that SolarWinds did disclose some cybersecurity risks — in the same way that just about all public companies do.
“You can track it across a hundred different companies, that they’re all basically using the exact same language,” said Josephine Wolff, an associate professor of cybersecurity policy at Tufts University.
Now it seems the S.E.C. no longer considers those boilerplate disclosures to be sufficient if the company knows of more specific risks. The lawsuit is the first in which the S.E.C. has charged a company with intentional fraud related to cybersecurity disclosures, according to the law firm White & Case.
Source: The Cybersecurity Lawsuit That Boards Are Talking About – The New York Times
