July 18, 2024 at 06:05PM
A judge dismissed part of the SEC’s case against SolarWinds and its CISO Tim Brown, post-breach, but allowed claims related to misrepresenting cybersecurity posture pre-breach to proceed. The ruling is seen as guidance for public companies in disclosing cyber incidents. SolarWinds is pleased but will defend claims in the upcoming stage. CISOs find relief in the ruling.
Key takeaways from the meeting notes include:
1. A significant portion of the Securities and Exchange Commission (SEC) litigation against SolarWinds and its chief information security officer (CISO), Tim Brown, has been dismissed by a US District Court Judge, Paul A. Engelmayer.
2. The SEC is allowed to proceed with its charge against SolarWinds and Brown for misrepresentations made about the company’s cybersecurity posture leading up to the cyberattack.
3. Legal and cybersecurity experts view the ruling positively and believe it could provide guidance to other publicly traded companies on disclosure regulations related to cybersecurity incidents.
4. While many charges against SolarWinds and Brown have been removed, the SEC will still pursue action for statements and other claims made about the company’s cybersecurity posture prior to its compromise.
5. SolarWinds’ internal communications evidence among employees has been dismissed by the court, which has been viewed as a positive development by industry professionals and CISOs.
6. The court’s decision is seen as loosening some constraints on CISOs and providing support for the need for transparency in disclosing security posture.
These takeaways provide a clear summary of the key points discussed in the meeting notes.