Tag: CISOs

Resisting Hindsight Bias: A Proposed Framework for CISO Liability | Compliance and Enforcement

Rather than pursue this fraught path, and to provide the CISO community with clarity and reassurance that their good-faith decisions will not expose them to liability,[4] we believe an urgent need has emerged for a regulatory framework of factors for the SEC to consider when evaluating whether to charge a CISO (or other executive responsible for running a company’s cybersecurity…

SolarWinds Begins Defense Against SEC Claims Over Security Lies

Three years and a day after SolarWinds Corp. disclosed one of the most aggressive cyberattacks in history, attorneys for the company and its top security officer will face the US Securities and Exchange Commission in court over the agency’s groundbreaking enforcement action against the company. *** The case may determine the agency’s tolerance for a company’s ambiguity over its cyber…

SEC Sues SolarWinds and its CISO for Fraud and Other Violations Related to Massive Data Breach | Katten Muchin Rosenman LLP – JDSupra

Notably, the CISO is the only individual defendant named in the SEC’s suit, even though the Commission previously sent Wells Notices to other SolarWinds officers and employees. As we discussed in a prior post, SolarWinds previously disclosed that “certain current and former executive officers and employees” had received Wells Notices stating “that the SEC staff has made a preliminary determination…

What Does the SEC’s Complaint Against SolarWinds Mean for CISOs and Boards? | Skadden

The SEC’s complaint charges SolarWinds and Brown with direct anti-fraud violations for alleged misstatements as well as direct and secondary liability against them for internal controls violations. This case marks a significant precedent, as it is the first instance where the SEC charged a CISO with fraud, representing a profound departure from its traditional focus on officers with explicit accounting…
