Flash Report — Are SEC Charges Against SolarWinds and Its CISO Signaling a New Era of Personal Accountability?

Driving the news: The U.S. Securities and Exchange Commission (SEC) has charged SolarWinds and its CISO for fraud and internal control failures relating to cybersecurity risks.

Why it matters: These charges highlight the importance of implementing strong controls and disclosing known concerns to investors. In its complaint, the SEC alleges that SolarWinds and its CISO misled investors by understating cybersecurity risks and ignoring red flags about cyber risks.

Important takeaway: The SEC’s enforcement action signals a potential expansion of executive accountability in public reporting beyond the CEO and CFO.

The bottom line: Addressing this expansion of personal accountability requires companies to enable it and individual executives to perform to it. To that end:

  • Companies and their executives should advocate for effective risk governance and compliance, create appropriate awareness, ensure clarity on roles and responsibilities, and enhance the disclosure process.
  • Individual executives owning activities, decisions and information having significant public reporting implications should measure up to their respective responsibilities under the federal securities laws.

Our insights: In this Flash Report, we summarize the SEC’s allegations against SolarWinds and its CISO and offer nine points for executives and functional leaders with SEC registrants to consider regarding their own accountability and responsibility for public reporting.

Nick Puetz, Managing Director – Security and Privacy, also contributed to this report.

To learn more about our cybersecurity solutions, contact us

Charles Soranno

Managing Director
BPI - Finance

Subscribe to Topics

In this video blog, Protiviti experts discuss the challenges commonly heard in the #Microsoft Dynamics 365 for Finance and Supply Chain (F&SC) community. Watch now: https://ow.ly/cKJO50QfEyv #ProtivitiTech #D365

Learn more about the native SoD tool within #Microsoft Dynamics 365 Finance, how to set it up, and the limitations of the tool in our latest Technology Insights Blog post: https://ow.ly/oIvB50QfCpJ #ProtivitiTech #D365

Avoid this all-too-common pitfall during your organization’s #SAP S/4HANA journey. Learn more in the latest SAP Blog post: https://ow.ly/ovq250Qfz6X #ProtivitiTech #Data

Interested in learning how to build a neutral atom platform by learning the engineering side of quantum information science? Learn more during this discussion between @KonstantHacker and @shir0kawa of OpenQuantum. https://ow.ly/rn2l50QeszA #ProtivitiTech #Quantum #Podcast

Protiviti's Kyle Wechsler will join the roundtable discussion, "How Undetected Application Risk Can Threaten Your Organization's Compliance and How to Address It," during the Pathlock Innovation Series on Dec. 5 at 1 pm CST. Register today! https://ow.ly/Zm6j50QcfYh

Load More