The U.S. Securities and Exchange Commission (SEC) has recently changed its approach to corporate data breaches, as illustrated by its case against SolarWinds Corp. The case itself has set a new precedent within the agency with the initiation of its first-ever civil claims against an executive in relation to a cybersecurity disclosure suit.
This turn of events signifies not just a bit of course change, but also a more forceful stance against fraud. SolarWinds Corp, a company majorly recognized for its management software services, is under scrutiny not only for the data breach itself, but also for the subsequent actions taken, or not taken by its executives.
In previous instances, corporate data breaches have been perceived more as a misfortune for the attacked organizations, the victims of foul play. However, the cybersecurity landscape seems to be changing, and fast. With this new case, the SEC is signaling that being the victim of a data breach doesn’t absolve a company or its executives from their duty to protect sensitive corporate and customer information – or disclose when they’ve failed to do so.
The detailed report about the SEC’s lawsuit against SolarWinds in this new era of cyber focus can be accessed at the following link. It showcases how this case can potentially shape future cybersecurity-related disclosures and the associated legal obligations.
The legal fraternity will certainly be keeping a close eye on developments in this case, looking for clues as to how the SEC will handle cybersecurity disclosure suits in the future.