May 24, 2024 at 09:59AM
In October 2023, the SEC filed a landmark lawsuit against SolarWinds Corp. and its CISO, Timothy Brown, over alleged false statements about cybersecurity. CISOs should enhance communication with financial teams, ensure all statements are rigorously reviewed, maintain top-notch security policies, collaborate with assurance providers, and seek legal counsel amidst evolving SEC cybersecurity regulations.
Based on the meeting notes, the key takeaways for CISOs include:
1. Establishing clear communication with the CFO and financial reporting team to ensure alignment and coordination in light of new 8-K reporting rules for material cybersecurity incidents.
2. Ensuring that statements intended for customers or vendors undergo the same level of review as those intended for shareholders, as all public communications can influence the total mix of information for investors.
3. Maintaining state-of-the-art information security policies and controls, as well as exploring available insurance and corporate indemnities.
4. Collaborating with internal audit and assurance providers for testing systems and mitigating errors in external communications.
5. Seeking counsel from experienced cybersecurity counsel, especially when novel or uncertain fact patterns emerge regarding SEC matters.
This meeting notes emphasize the increasing importance of transparency and accountability in the digital age and the potential impact of SEC actions on reshaping cybersecurity disclosures across industries.