SolarWinds partial dismissal casts doubt on SEC Cybersecurity Rule
By 
Jeff Dale2024-08-07T14:33:00
A partial dismissal of charges levied by the Securities and Exchange Commission against Solarwinds has cast doubt about the breadth of the SEC's Cybersecurity Rule.
The SEC’s argument that a company’s “system of internal accounting controls” includes cybersecurity controls was “not tenable,” according to U.S. District Court Judge Paul Engelmayer for the Southern District of New York in his opinion and order, signed July 18.
“To state the obvious, cybersecurity controls are not–and could not have been expected to be–part of the apparatus necessary to the production of accurate” financial reports, the ruling stated.
Related articles
-
News BriefU.K. says company boards need to worry more about cybersecurity risks
The U.K. government wants directors and boards of directors to become more actively involved in cybersecurity risks facing public and private companies, as the world faces “alarming” threats from criminal gangs and malicious nation-states. Though many organizations take cybersecurity seriously, the U.K. government says they do not place management of ...
-
OpinionFive reasons why I’m excited about CW’s Cyber Risk & Data Privacy Summit
Having worked for Compliance Week for three years, I’ve found it remarkable how compliance professionals can be so consistently upbeat about their plight. An often refrain in compliance circles is “be comfortable with being uncomfortable.” As difficult as the job can be, that clearly doesn’t mean it can’t be fun.
-
News BriefUnisys, three other firms fined a combined $7M for underplaying damage from SolarWinds hack
Four current or former public companies will pay a total of nearly $7 million in fines to settle charges by the Securities and Exchange Commission that they underplayed or failed to disclose material information about how the SolarWinds Orion hack affected them.
More from Regulatory Enforcement
-
ArticleGeorgia Tech to pay $875,000 for allegations brought by compliance officers
Georgia Tech Research Corp. (GTRC) has agreed to pay $875,000 to settle allegations first raised by two compliance officers that its cybersecurity protocols violated acceptable standards for defense contractors, the Department of Justice (DOJ) said.
-
ArticleTractor Supply Company hit with $1.35M fine for alleged California privacy violations
Tractor Supply Company has agreed to get into compliance with California’s consumer privacy law and to pay a $1.35 million fine—the largest yet by California—to settle allegations it violated the privacy rights of customers and job applicants.
-
Basic PageLuminUltra fined $685K by BIS for illegal shipment to Iran
A single $33,000 shipment to Iran triggered a six-figure penalty and years of compliance oversight for biotechnology company LuminUltra Technologies, Inc.