Partner Alan Wilson and Special Counsel Matthew Beville published a piece about the SEC’s enforcement action against SolarWinds and its CISO in New York University School of Law’s Program on Corporate Compliance and Enforcement Blog.
Excerpt: In a clear setback for the SEC, Judge Engelmayer’s SolarWinds decision held that a public company’s cybersecurity controls are not part of its “system of internal accounting controls” within the meaning of Section 13(b)(2)(B) of the Exchange Act. Rather, that provision is limited to controls designed to ensure the “accuracy and completeness of the financial information on which the issuer’s annual and quarterly reports rely.”[1] Accordingly, the court dismissed the SEC’s claim that SolarWinds’ allegedly defective cybersecurity controls violated Section 13(b)(2)(B).
