SEC Cybersecurity Enforcement Authority After SolarWinds Ruling: Mitigating Exposure to Securities Fraud Liability

Course Details
- smart_display Format
On-Demand
- signal_cellular_alt Difficulty Level
Intermediate
- work Practice Area
Cybersecurity and Data Privacy
- event Date
Wednesday, October 9, 2024
- schedule Time
1:00 p.m. ET./10:00 a.m. PT
- timer Program Length
90 minutes
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
This CLE webinar will discuss the important cybersecurity and disclosure considerations from the Southern District of New York's closely-watched ruling in SEC v. SolarWinds et al. (SolarWinds) wherein the court dismissed the SEC's novel cybersecurity disclosure and control claims against defendant SolarWinds and its chief information security officer. The panel will explore the implications this case may have on the SEC's approach to using securities laws to pursue cyber incident preparedness and disclosure litigation against public companies and provide key considerations for public companies going forward.
Faculty

Mr. Baker’s cross-disciplinary practice focuses on data privacy, cybersecurity, crisis management, and incident response for a broad range of industries. He is well-versed in multi-jurisdictional privacy compliance; cyber risk identification, mitigation, and response strategies; complex information governance and data management issues; and cross-border electronic discovery. Mr. Baker routinely counsels clients on considerations arising under a wide range of domestic and international privacy and security laws, standards, and best practices. In addition, he has managed dozens of cyber and privacy incidents for multinational companies through all aspects of investigation, remediation, notification, regulatory engagement, and litigation.

Ms. Valdetero serves as Co-Chair of the firm’s U.S. Data Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Ms. Valdetero defends companies against privacy and data breach litigation, with an emphasis on class action lawsuits. She has designed and conducted dozens of data breach tabletop exercises to empower clients to respond effectively to a data security incident. Ms. Valdetero also counsels companies on data privacy and security compliance programs and advises on privacy and cyber risks associated with mergers and acquisitions, venture capital, and securities. Jena also advises a diverse array of clients on compliance with existing and emerging privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Gramm Leach Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). She is a certified privacy professional through the International Association of Privacy Professionals (CIPP/US), for which she is a former KnowledgeNet Co-Chair.

Mr. Fredrickson draws on his nearly three decades of experience at the SEC to advise clients on capital markets, securities regulatory compliance, corporate governance, public accounting, and securities enforcement matters. Prior to joining the firm, Mr. Fredrickson held a number of senior roles in the SEC’s Division of Corporation Finance and the Office of the General Counsel. Most recently, he served as Senior Legal Advisor to the Deputy Director of the Division of Corporation Finance, where he advised the Deputy Director for Legal and Regulatory Policy. Mr. Fredrickson advised senior SEC officials on complex legal issues and risk management, including serving as primary legal advisor to rulemaking teams implementing the Sarbanes-Oxley, Dodd-Frank, and JOBS Acts. His experience encompasses a broad spectrum of transactional and securities compliance and interpretative matters, including advising on issues related to digital assets, SPACs, shareholder proposals, proxy solicitations, Regulation FD, and financial reporting. Mr. Fredrickson led the team that developed the legal framework for SEC oversight of the Public Company Accounting Oversight Board. He also regularly assessed legal issues raised by recommendations from the Division of Enforcement.
Description
On July 18, 2024, a New York federal judge issued a closely-watched decision relating to cybersecurity incident disclosures and controls in SolarWinds. The court dismissed most of the SEC's claims against SolarWinds and its chief information security officer except for a securities fraud claim based on statements about SolarWind's own cybersecurity program that the company made on its website prior to a large-scale supply chain cybersecurity incident.
This ruling will have significant implications for the future scope and authority of the SEC's cybersecurity enforcement strategy against corporate defendants. The ruling also signals caution to public companies and their executives that statements made relating to their cybersecurity practices, including statements made on their public websites, are a major risk area that can create securities fraud liability.
In the wake of the SolarWinds decision, there are actions public companies should consider including ensuring the accuracy of public statements regarding the company's cybersecurity, implementing robust cybersecurity frameworks and conducting regular audits to mitigate risks, and establishing a system of disclosure controls and procedures to facilitate the timely disclosure of material cybersecurity risks and incidents.
Listen as our authoritative panel delivers an overview of the ruling in SolarWinds and its implications for future securities fraud litigation. The panel will also provide actionable items public companies should take to mitigate their exposure to securities fraud liability based on inadequate cyber controls and disclosures.
Outline
- Background: SEC v. SolarWinds et al.
- Court's ruling
- Implications of this case on public companies' cyber risk management and disclosure obligations
- Actions public companies should take now in light of this ruling and the SEC's cyber enforcement agenda
- What impact this decision may have on the new cybersecurity incident reporting rules
- Practical takeaways
Benefits
The panel will address these and other key considerations:
- What is the background of the SolarWinds case?
- What are the key holdings in SolarWinds as they relate to cyber incidents and their impact on public companies' cyber risk management and disclosure obligations?
- How will the holding in SolarWinds impact the SEC's cybersecurity enforcement authority?
- What actions should public companies take in light of this decision to minimize exposure to liability under securities laws?
Unlimited access to premium CLE courses:
- Annual access
- Available live and on-demand
- Best for attorneys and legal professionals
Unlimited access to premium CPE courses.:
- Annual access
- Available live and on-demand
- Best for CPAs and tax professionals
Unlimited access to premium CLE, CPE, Professional Skills and Practice-Ready courses.:
- Annual access
- Available live and on-demand
- Best for legal, accounting, and tax professionals
Related Courses
Recommended Resources
Explore the Advantages of Consistent Legal Language
- Learning & Development
- Business & Professional Skills
- Talent Development
The Power of Project Management: Using the 80/20 Rule in E-Discovery
- Legal Technology
- E-Discovery