WASHINGTON – Corporate security sectors within Fortune 500 companies are closely monitoring the unfolding Securities and Exchange Commission (SEC) lawsuit against SolarWinds and its Chief Information Security Officer (CISO), Timothy Brown. The legal action, which centers on allegations of failing to disclose cybersecurity vulnerabilities following a significant Russian cyberattack in 2020, has put top security executives on edge.
This heightened concern among security chiefs can be traced back to the recent guilty verdict of Joe Sullivan, the former CISO of Uber (NYSE:UBER), for hiding a data breach at the ride-hailing company. The case against Sullivan has set a precedent that has significantly raised the stakes for CISOs and similar executives when it comes to transparency about cybersecurity incidents.
George Gerchow, the CISO of Sumo Logic, is among those expressing increased apprehension about the personal risks involved in managing corporate and individual interests in light of such disclosures. With legal accountability extending to individuals in corporate security roles, the Sullivan verdict serves as a stark reminder of the potential consequences of not reporting breaches and vulnerabilities.
Fortune 500 firms are now paying close attention to the outcome of the SEC’s lawsuit against SolarWinds and Brown, as it could have far-reaching implications for how cybersecurity issues are handled and reported within major corporations. The case underscores the delicate balance that security professionals must maintain between protecting their organizations and adhering to regulatory requirements and public expectations for transparency.