Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures

October 22, 2024 at 12:35PM

Four tech companies (Avaya, Check Point, Mimecast, and Unisys) agreed to pay penalties totaling $7 million to the SEC for misleading disclosures about their involvement in the 2020 SolarWinds hack. The companies were accused of downplaying cybersecurity incidents despite having knowledge of significant breaches affecting their networks.

### Meeting Takeaways:

1. **SEC Settlement**: Four tech companies—Avaya, Check Point, Mimecast, and Unisys—have agreed to pay penalties for misleading disclosures related to their involvement in the 2020 SolarWinds hack.

2. **Penalties**:
   - **Avaya**: $1 million
   - **Check Point**: $995,000
   - **Mimecast**: $990,000
   - **Unisys**: $4 million (including charges for disclosure control violations)

3. **Allegations**:
   - Companies were accused of downplaying the severity of cyber incidents despite knowing the risks.
   - Specific examples included Avaya minimizing the number of compromised files and Unisys framing its cybersecurity issues as hypothetical.

4. **Company Responses**:
   - **Avaya** expressed satisfaction with resolving the matter and emphasized improvements in cybersecurity practices.
   - **Check Point** stated it found no evidence of compromised customer data but opted to settle to maintain focus on defending customers against cyber threats.
   - **Mimecast** maintained it did nothing wrong but cooperated fully with the SEC while enhancing its resilience.
   - **Unisys** mentioned the decision to pay the fine was in the best interests of the company and its shareholders.

5. **Regulatory Reminder**: The SEC’s actions serve as a warning to publicly held companies about the importance of accurate reporting on cybersecurity incidents, highlighting the risk of future audits and penalties for underreporting.

#### Next Steps:
- Companies should review and strengthen their cybersecurity disclosure practices.
- Ongoing training and awareness regarding accurate reporting of cybersecurity incidents are recommended.
