JustProtect Cybersecurity Blog

    Why the SolarWinds Lawsuit should concern CFOs as well as CISOs

    Aug 20, 2021 10:00:00 AM / by Haley Keitel

    SolarWinds faces a continuing lawsuit from investors that specifically names the CFO and now the CISO, over the company's lack of disclosure controls and systems around its cybersecurity risk management following a major breach.

    This case focuses on the negligent failure to inform investors of risks to the company's cybersecurity protection, which has led to potential financial penalties and the lawsuit SolarWinds currently faces. The legal case extends the scope of liability to C-suite executives and managers involved in handling the breach, whether they were actively involved or complicit in keeping information from the board.

    The legal action taken by the board members against SolarWinds for failures in its cybersecurity risk management practices may have as much impact as, if not more than, criminal cases like Enron and MCI, which led to the Sarbanes-Oxley regulation.

    As with the FAFC enforcement from the SEC, regulators are calling attention to senior executives' deficient controls over the security systems involved in the attack. This case, which focuses on C-suite members like the CEO and CISO, should concern every board and management executive at any large enterprise, because it affects not just company reputation but the bottom line.

    Our CEO, Vikas Bhatia, said, “This case specifically highlights the cybersecurity risk management challenges still faced by enterprises, which include a lack of transparency to investors or the board, the siloed and compliance-focused processes, as well as the inefficiencies related to the conducting and reporting of improper security measures once identified.”

    Key takeaway: Regardless of the direction of this case, CISOs and cybersecurity professionals should be aware of these possible actions and actively establish plans to report, mitigate, and resolve any such issues related to risk and security.  

    Schedule a time to talk with Vikas to discuss how companies like yours can better manage cybersecurity risk and avoid legal and financial repercussions like these.
