Some people see this SEC complaint filing against Solarwinds as a “shot across the bow” for Officers and Directors to get serious about implementing “good faith” cybersecurity processes and file these processes in a Form 10-K, starting in December 2023.
I believe the message being sent by the SEC is even stronger; IMO this is a torpedo aimed directly at the Officers and Directors manning the bridge that the SEC is serious about enforcing “good faith” cybersecurity processes and practices following NIST cybersecurity standards, that must be disclosed in a Form 10-K starting in December 2023. According to the complaint, Solarwinds Officers thought they could “cover-up” their cybersecurity deficiencies and convince the public they were doing all the “right things following NIST cybersecurity and SDLC standards”, when in fact they were not, and were engaged in insider trading to dump Solarwinds stock before the crash knowing the poor state of cybersecurity within the company.
In this digital age it is nearly impossible to cover-up the truth and those that are caught attempting to do so will be held responsible, as this SEC complaint against Solarwinds clearly shows.
It’s far less risk to simply implement “good faith cybersecurity processes”, following NIST guidelines, than it is to convince a jury that the evidence they see in a lawsuit, i.e. emails and other artifacts clearly showing scienter among Officers, is false.