Corruption, Crime and Compliance: Dismissal of SEC in Solarwinds Securities Fraud Case | Thomas Fox – Compliance Evangelist

A New York federal district judge issued a major ruling dismissing much of the SEC's securities fraud action against SolarWinds over the company's claims related to SolarWinds' cybersecurity policies and disclosure of a significant cyberattack on SolarWinds' network.

In this episode of Corruption, Crime, and Compliance, Michael Volkov discusses the significant dismissal of most SEC securities fraud cases Show more +

A New York federal district judge issued a major ruling dismissing much of the SEC's securities fraud action against SolarWinds over the company's claims related to SolarWinds' cybersecurity policies and disclosure of a significant cyberattack on SolarWinds' network.

In this episode of “Corruption, Crime, and Compliance,” Michael Volkov discusses a New York federal district court’s dismissal of most of the SEC’s securities fraud claims against SolarWinds.

The case highlights the ongoing challenges in reconciling cybersecurity disclosures with regulatory requirements and the impact this ruling could have on future SEC enforcement actions.

You will hear him talk about:

• Judge's decision: The court ruled that the SEC's claims relied too heavily on leniency and speculation, particularly in light of SolarWinds' early disclosure during its cyber incident investigation.

• Pre- and Post-Sunburst Disclosures: While the court upheld the charge with respect to SolarWinds' pre-Sunburst cybersecurity statements, it rejected the SEC's allegations with respect to the company's post-Sunburst disclosures because they were not misleading under the circumstances.

• Internal Controls vs. Cybersecurity: The court rejected the SEC's attempt to apply internal accounting controls provisions to cybersecurity policies, significantly limiting the SEC's enforcement discretion.

• Impact on SEC Practices: This decision contradicts the SEC's past stance in cases such as RR Donnelly and potentially impacts future SEC actions related to cybersecurity and internal controls.

• Broader impact: The ruling may impact how cybersecurity risks are reported and how companies comply with their disclosure obligations, particularly in light of potential appeals and further litigation by the SEC. Show less –