BarbriSFCourseDetails

Course Details

This CLE webinar will discuss the important cybersecurity and disclosure considerations from the Southern District of New York's closely-watched ruling in SEC v. SolarWinds et al. (SolarWinds) wherein the court dismissed the SEC's novel cybersecurity disclosure and control claims against defendant SolarWinds and its chief information security officer. The panel will explore the implications this case may have on the SEC's approach to using securities laws to pursue cyber incident preparedness and disclosure litigation against public companies and provide key considerations for public companies going forward.

Faculty

Description

On July 18, 2024, a New York federal judge issued a closely-watched decision relating to cybersecurity incident disclosures and controls in SolarWinds. The court dismissed most of the SEC's claims against SolarWinds and its chief information security officer except for a securities fraud claim based on statements about SolarWind's own cybersecurity program that the company made on its website prior to a large-scale supply chain cybersecurity incident.

This ruling will have significant implications for the future scope and authority of the SEC's cybersecurity enforcement strategy against corporate defendants. The ruling also signals caution to public companies and their executives that statements made relating to their cybersecurity practices, including statements made on their public websites, are a major risk area that can create securities fraud liability.

In the wake of the SolarWinds decision, there are actions public companies should consider including ensuring the accuracy of public statements regarding the company's cybersecurity, implementing robust cybersecurity frameworks and conducting regular audits to mitigate risks, and establishing a system of disclosure controls and procedures to facilitate the timely disclosure of material cybersecurity risks and incidents.

Listen as our authoritative panel delivers an overview of the ruling in SolarWinds and its implications for future securities fraud litigation. The panel will also provide actionable items public companies should take to mitigate their exposure to securities fraud liability based on inadequate cyber controls and disclosures.

Outline

  1. Background: SEC v. SolarWinds et al.
  2. Court's ruling
  3. Implications of this case on public companies' cyber risk management and disclosure obligations
  4. Actions public companies should take now in light of this ruling and the SEC's cyber enforcement agenda
  5. What impact this decision may have on the new cybersecurity incident reporting rules
  6. Practical takeaways

Benefits

The panel will address these and other key considerations:

  • What is the background of the SolarWinds case?
  • What are the key holdings in SolarWinds as they relate to cyber incidents and their impact on public companies' cyber risk management and disclosure obligations?
  • How will the holding in SolarWinds impact the SEC's cybersecurity enforcement authority?
  • What actions should public companies take in light of this decision to minimize exposure to liability under securities laws?