TheCorporateCounsel.net

As this Reuters article notes, the SEC suffered a significant setback in its ongoing cybersecurity enforcement efforts when U.S. District Judge Paul Engelmayer dismissed a significant part the SEC’s allegations against SolarWinds in a closely-watched and sprawling case that the SEC has been pursuing for several years. The article notes:

U.S. District Judge Paul Engelmayer in Manhattan dismissed all claims against SolarWinds and chief information security officer Timothy Brown over statements made after the attack, saying the claims were based on “hindsight and speculation.”

In a 107-page decision on Thursday, the judge also dismissed most SEC claims concerning statements predating the attack, apart from securities fraud claims based on a statement on SolarWinds’ website touting the company’s security controls.

The SEC declined to comment on Judge Engelmayer’s decision. There will no doubt be a lot of ink spilled over the coming days analyzing the potential implications of the decision for the SEC’s current Enforcement efforts with respect to cybersecurity disclosure and internal accounting controls, but suffice it to say that this decision pushes back on the some of the agency’s most aggressive enforcement theories in the cybersecurity space.

– Dave Lynn