The Securities and Exchange Commission’s (SEC) decision to launch a lawsuit against SolarWinds and its Security Chief, Tim Brown, following the massive 2019-2020 data breach, has left a significant impact on corporate attorneys, signaling various lessons to be learned. This incident emphasizes the crucial role of Chief Information Security Officers (CISOs) in assessing their security protocols and ensuring that the information conveyed to the public is a reflection of reality rather than manipulated rhetoric or wishful thinking. As the former U.S. National Security Agency hacker, Jake Williams, insightfully remarked, “take stock of their security programs and ensure that what’s being communicated to the public is rooted in reality rather than spin or wishful thinking.”
This lawsuit undeniably amplifies the increasing necessity for corporations to strengthen their cybersecurity measures and maintain a transparent communication channel regarding their security initiatives, thereby bolstering public trust. It also concurrently serves as a stark reminder for organizations and their legal teams to remain vigilant and prepared for potential cyber breach occurrences. These essential learnings from the SolarWind’s case carry paramount implications for the wider business and legal communities.