Subscribe
‘Enforcement 40’ for 2020
Our Sponsors
Join Us On LinkedIn
Join the Securities Litigation and Enforcement Group on LinkedInThe Cybersecurity Lawsuit That Boards Are Talking About – The New York Times
“I’ve been doing this for 25 years, and I’ve always been protecting others,” said George Gerchow, the chief security officer and senior vice president of information technology at Sumo Logic, a software company. “Now, all of a sudden, I’m in a weird position where I’m having to protect myself.” Perhaps more alarming to boardrooms is […]
Guest Post: CISO Liability in Focus: SEC Enforcement, Insurance, and [Personal] Risk Mitigation | The D&O Diary
After years of relatively gentle guidance when it came to disclosing cyber risk and cyber breaches, the SEC signaled that the kid gloves had come off when it proposed and ultimately adopted its new cyber disclosure rules. The SEC had also already been signaling its changing enforcement posture, including a 2021 penalty of $500,000 it imposed on American Title […]
What Does the SEC’s Complaint Against SolarWinds Mean for CISOs and Boards? | Skadden
The SEC’s complaint charges SolarWinds and Brown with direct anti-fraud violations for alleged misstatements as well as direct and secondary liability against them for internal controls violations. This case marks a significant precedent, as it is the first instance where the SEC charged a CISO with fraud, representing a profound departure from its traditional focus […]
Bad Passwords Are Securities Fraud – Bloomberg
If you are a publicly traded software company, and your customers access your product through a server, and you provide them with a default password to log into the server, and the default password is “password,” is that securities fraud? You know the answer! *** Is that right? It feels not quite right, in the […]
SEC Files Cybersecurity Disclosure Suit Against SolarWinds and Exec | The D&O Diary
The SEC’s action is noteworthy in a number of respects, not least of which because it not only targets the company, but also targets the company’s Chief Information Security Officer (CISO). The SEC’s action in that regard is sure to send a shiver down the collective spines of the CISO community. The Journal article notes […]
SolarWinds executives receive Wells notice from US SEC | Reuters
SolarWinds said on Friday some of its former and current executives had been issued a Wells notice by the U.S. Securities and Exchange Commission over a massive 2020 data breach tied to the software firm. A Wells notice does not necessarily mean that recipients have violated any law. The SEC issues Wells notices to firms […]