The U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal control failures for allegedly misleading investors about the company’s cybersecurity practices prior to a cyberattack launched by Russian hackers in 2019.
In a statement published late Monday, the SEC said SolarWinds “allegedly misled investors by disclosing only generic and hypothetical risks” at a time when SolarWinds and Brown knew of “specific deficiencies” in SolarWinds’ security practices and the increasing risks that the company was facing at the time. Click HERE to read the full article.
Business owners can learn a LOT from this situation.
- If your organization is publicly traded, or even if you are privately held but have investors, burying your head in the sand about cybersecurity threats can have severe consequences even beyond financial implications.
- Lack of knowledge by a CEO is not an excuse and can result in civil penalties.
- CISOs and other IT leaders put themselves at risk of civil penalties if they fail to perform their fiduciary duties or withhold information from their executive leadership.
- Bottom Line – Cyber risk continues to increase in volume and sophistication of cyber-attacks.
Want to learn more about how to evaluate the Cyber Risk in your business? Reach out for a complimentary Cybersecurity Discovery Call.