
Legal and Industry Backlash Against SEC’s Cybersecurity Overreach Claims

From cyberattack to courtroom.
Emory Odom
Contributing Writer

In the wake of the colossal 2020 SolarWinds cyberattack, the US Securities and Exchange Commission (SEC) has intensified its scrutiny of how tech and telecom companies managed the incident, stirring controversy within the cybersecurity industry and the broader business community. The SEC’s probe focuses on internal communications and the cybersecurity preparedness of affected companies, signaling a potentially expansive shift in regulatory oversight.

The investigation has prompted criticism from powerful trade and lobbying groups, including the US Chamber of Commerce and the Business Roundtable, which have labeled the SEC’s actions regulatory overreach.

These groups argue that the SEC’s broad interpretation of its mandate creates legal uncertainties for companies, potentially penalizing victims of cybercrime under the guise of internal accounting control failures.

Why it matters: The SEC’s actions represent a critical juncture in the evolution of regulatory oversight over corporate cybersecurity practices. This shift underscores the increasing importance of cybersecurity disclosures and preparedness in protecting investor interests and maintaining market integrity. The outcome of the SolarWinds lawsuit and the ongoing probes into other companies’ responses to the cyberattack could set new precedents for how public companies are expected to manage and disclose cybersecurity risks.

  • Expanding Regulatory Focus: The SEC’s inquiry into the SolarWinds cyberattack victims highlights a broadening scope of interest, from direct perpetrators to the cybersecurity practices of affected companies, emphasizing the importance of transparent disclosure to investors.
  • Legal and Industry Pushback: The investigation has met resistance from industry giants and trade groups, challenging the SEC’s authority to penalize companies for cybersecurity failures. This pushback raises questions about the balance between regulatory oversight and penalizing victims of cybercrimes.
  • Implications for Corporate Governance: The SEC’s aggressive stance on cybersecurity disclosures may compel companies to reassess their internal controls and communication strategies regarding cyber risks, potentially leading to more stringent cybersecurity governance practices.
  • Future of SEC Enforcement: The outcome of the SEC vs. SolarWinds case could influence how companies approach cybersecurity risk management and disclosure, and possibly inspire further regulatory initiatives in the cybersecurity domain.

Go Deeper -> SEC Ramps Up Massive-Hack Probe With Focus on Tech, Telecom Companies – Bloomberg
