Flash Report — Are SEC Charges Against SolarWinds and Its CISO Signaling a New Era of Personal Accountability?

Driving the news: The U.S. Securities and Exchange Commission (SEC) has charged SolarWinds and its CISO for fraud and internal control failures relating to cybersecurity risks.

Why it matters: These charges highlight the importance of implementing strong controls and disclosing known concerns to investors. In its complaint, the SEC alleges that SolarWinds and its CISO misled investors by understating cybersecurity risks and ignoring red flags about cyber risks.

Important takeaway: The SEC’s enforcement action signals a potential expansion of executive accountability in public reporting beyond the CEO and CFO.

The bottom line: Addressing this expansion of personal accountability requires companies to enable it and individual executives to perform to it. To that end:

  • Companies and their executives should advocate for effective risk governance and compliance, create appropriate awareness, ensure clarity on roles and responsibilities, and enhance the disclosure process.
  • Individual executives owning activities, decisions and information having significant public reporting implications should measure up to their respective responsibilities under the federal securities laws.

Our insights: In this Flash Report, we summarize the SEC’s allegations against SolarWinds and its CISO and offer nine points for executives and functional leaders with SEC registrants to consider regarding their own accountability and responsibility for public reporting.

Nick Puetz, Managing Director – Security and Privacy, also contributed to this report.

To learn more about our cybersecurity solutions, contact us

Charles Soranno

Managing Director
BPI - Finance

Subscribe to Topics

Can you name the key pillars of enterprise resilience? Read this introduction to these six pillars that—when implemented—enable organizations to better prepare for the risk environment. https://ow.ly/LpbE50TxygX #ProtivitiTech #Resiliency

Protiviti enabled a global automotive technology manufacturer client to prioritize cybersecurity investments effectively after successfully implementing a Factor Analysis of Information Risk (#FAIR) quantification program. https://ow.ly/req350Txvbx #ProtivitiTech

Protiviti is a proud sponsor of #FAIRCON! Join us October 1-2 as we partake in this year’s theme "Managing Risk at the Speed of the Business.” Visit our FAIRCON page to learn more and get our code for $200 off your conference registration. https://ow.ly/qZHE50Tqan5 #ProtivitiTech

Protiviti’s tailored #Microsoft solutions address unique organizational needs. Learn more about the different use cases for integrating Microsoft Dynamics 365 and CoPilot— from improving sales to enhancing customer service to delivering deep insights. https://ow.ly/8Hhn50Twj2C

Discover how capturing key metadata via a data catalog tool leads companies to make better operational decisions. Read the latest Technology Insights blog: https://ow.ly/O1aX50Twi4K #Protiviti #TechnologyInsights #Data

Load More