© Reuters.
NEW YORK – The U.S. Securities and Exchange Commission (SEC) has taken a major enforcement action against IT management company SolarWinds and its Chief Information Security Officer (CISO), Timothy G. Brown, for alleged securities fraud related to the concealment of cybersecurity risks. This move reflects a broader shift in regulatory scrutiny over corporate disclosures, particularly in how companies report cybersecurity vulnerabilities.
The SEC’s lawsuit, filed on October 30, 2023, in the Southern District of New York federal court, accuses SolarWinds and Brown of misleading investors by failing to disclose known security risks during the company’s second initial public offering (IPO) in 2018. The case centers on the SUNBURST cyberattack, which occurred between 2018 and 2021 and targeted SolarWinds’ Orion platform—a critical event that raised global supply chain cybersecurity concerns.
SolarWinds, established in 1999 with an IPO in 2009, was taken private in 2016 before going public again two years later. During this second IPO, the SEC alleges that the company and its CISO did not adequately inform investors about existing vulnerabilities that later proved to be at the heart of the SUNBURST attack.
In addition to seeking financial penalties, the SEC’s complaint aims to disqualify Brown from serving in any executive roles due to his role in the alleged misrepresentation of cybersecurity practices. This legal action marks a significant shift toward personal accountability within corporate governance. The SEC now expects all senior leaders, including CFOs and CISOs, to ensure accurate public reporting, extending responsibility beyond just CEOs.
The enforcement action underscores a new era where corporate officers are directly accountable for omissions of material facts in investor communications. The SEC’s stance sends a clear message that executives will face consequences for not disclosing significant risks, indicating a more rigorous approach to corporate transparency and investor protection.
This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.