Partner and Securities Enforcement Defense Co-Chair Danette Edwards shares her thoughts with CFO Dive on a recent court ruling that weakened the Securities and Exchange Commission's (SEC) approach to cybersecurity enforcement. In a case involving SolarWinds, a judge dismissed many of the SEC's claims, including its assertion that cybersecurity failures could be deemed violations of "internal accounting controls" under Section 13(b)(2)(B) of the Securities Exchange Act.

Danette noted that the ruling was very favorable to defendants, and essentially removes the proverbial "arrow" of an internal controls charge from the SEC's "quiver" in cyber cases. However, Chief Information Security Officers (CISOs) and other executives should still proceed with caution. She stated, "Not only are the defendants still facing the most serious fraud charges here, the court's ruling on disclosure controls, in contrast to internal controls, is very fact specific. It does not foreclose the use of disclosure controls claims in other cybersecurity cases going forward."

"Judge deals major blow to SEC's cybersecurity enforcement stance," CFO Dive, July 23, 2024

Related Professionals
Related Practices
Related Industries
Related Offices
Recent News