Making the Connection – What Do Recent SEC Enforcement Actions Mean for Cyber Controls? 

Making the Connection – What Do Recent SEC Enforcement Actions Mean for Cyber Controls? 

Client Alert

Related Documents

Related Solutions

A premier corporate governance and disclosure practice providing timely, tailored and practical advice to public company clients based on in-depth experience and insight.
We help companies protect data, comply with evolving regulations, and respond to investigations and litigation.
WilmerHale has played a leading role in shaping the rules that govern the financial services industry in the United States.
Guiding clients through high-stakes and sensitive investigations.
WilmerHale has a record of success at all stages of enforcement proceedings—from informal inquiries to litigation.
WilmerHale has defended clients in hundreds of class, derivative, shareholder and individual actions alleging securities fraud, breach of fiduciary duty and other corporate misconduct.
Critical industry insight and formidable strength across key practices.

On July 18, 2024, the U.S. District Court for the Southern District of New York dismissed most of the claims brought by the Securities and Exchange Commission (the “Commission”) against SolarWinds Corp. and its Chief Information Security Officer in SEC v. SolarWinds Corp. et al. in connection with the SUNBURST attack. Among other things, the decision provides important perspective to the debate regarding whether controls associated with cybersecurity matters are covered by the internal accounting controls provisions of Section 13(b)(2)(B) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). The court's dismissal in SolarWinds follows in sharp contrast to the Commission's June 18, 2024 settlement with R.R. Donnelley & Sons Company relating to cybersecurity incidents, including violations of Section 13(b)(2)(B) with regard to internal accounting controls, and Exchange Act Rule 13a-15(a) with regard to disclosure controls and procedures (“DCP”).

This alert explores these recent developments, beginning with a refresher on the elements of DCP, internal accounting controls, and internal control over financial reporting, analyzes those requirements in light of recent Commission enforcement and judicial actions, and concludes with some practical considerations for issuers.

READ THE FULL ALERT.

Authors

Notice

Unless you are an existing client, before communicating with WilmerHale by e-mail (or otherwise), please read the Disclaimer referenced by this link.(The Disclaimer is also accessible from the opening of this website). As noted therein, until you have received from us a written statement that we represent you in a particular manner (an "engagement letter") you should not send to us any confidential information about any such matter. After we have undertaken representation of you concerning a matter, you will be our client, and we may thereafter exchange confidential information freely.

Thank you for your interest in WilmerHale.

I Accept Cancel