Interested in training for your team? Click here to learn more

SEC Cybersecurity Enforcement Authority After SolarWinds Ruling: Mitigating Exposure to Securities Fraud Liability

Recording of a 90-minute CLE video webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Wednesday, October 9, 2024

Recorded event now available

or call 1-800-926-7926

This CLE webinar will discuss the important cybersecurity and disclosure considerations from the Southern District of New York's closely-watched ruling in SEC v. SolarWinds et al. (SolarWinds) wherein the court dismissed the SEC's novel cybersecurity disclosure and control claims against defendant SolarWinds and its chief information security officer. The panel will explore the implications this case may have on the SEC's approach to using securities laws to pursue cyber incident preparedness and disclosure litigation against public companies and provide key considerations for public companies going forward.

Description

On July 18, 2024, a New York federal judge issued a closely-watched decision relating to cybersecurity incident disclosures and controls in SolarWinds. The court dismissed most of the SEC's claims against SolarWinds and its chief information security officer except for a securities fraud claim based on statements about SolarWind's own cybersecurity program that the company made on its website prior to a large-scale supply chain cybersecurity incident.

This ruling will have significant implications for the future scope and authority of the SEC's cybersecurity enforcement strategy against corporate defendants. The ruling also signals caution to public companies and their executives that statements made relating to their cybersecurity practices, including statements made on their public websites, are a major risk area that can create securities fraud liability.

In the wake of the SolarWinds decision, there are actions public companies should consider including ensuring the accuracy of public statements regarding the company's cybersecurity, implementing robust cybersecurity frameworks and conducting regular audits to mitigate risks, and establishing a system of disclosure controls and procedures to facilitate the timely disclosure of material cybersecurity risks and incidents.

Listen as our authoritative panel delivers an overview of the ruling in SolarWinds and its implications for future securities fraud litigation. The panel will also provide actionable items public companies should take to mitigate their exposure to securities fraud liability based on inadequate cyber controls and disclosures.

READ MORE

Outline

  1. Background: SEC v. SolarWinds et al.
  2. Court's ruling
  3. Implications of this case on public companies' cyber risk management and disclosure obligations
  4. Actions public companies should take now in light of this ruling and the SEC's cyber enforcement agenda
  5. What impact this decision may have on the new cybersecurity incident reporting rules
  6. Practical takeaways

Benefits

The panel will address these and other key considerations:

  • What is the background of the SolarWinds case?
  • What are the key holdings in SolarWinds as they relate to cyber incidents and their impact on public companies' cyber risk management and disclosure obligations?
  • How will the holding in SolarWinds impact the SEC's cybersecurity enforcement authority?
  • What actions should public companies take in light of this decision to minimize exposure to liability under securities laws?

Faculty

Baker, Matthew
Matthew R. Baker

Partner, Chair Privacy & Cybersecurity Group
Baker Botts

Mr. Baker’s cross-disciplinary practice focuses on data privacy, cybersecurity, crisis management, and incident...  |  Read More

Fredrickson, David
David Fredrickson

Senior Of Counsel
Covington & Burling

Mr. Fredrickson draws on his nearly three decades of experience at the SEC to advise clients on capital markets,...  |  Read More

Valdetero, Jena
Jena M. Valdetero

Shareholder, Co-Chair U.S. Data Privacy and Cybersecurity Practice
Greenberg Traurig

Ms. Valdetero serves as Co-Chair of the firm’s U.S. Data Privacy and Cybersecurity Practice where she advises...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video

Download