Takeaways from SEC v. SolarWinds Motion to Dismiss Hearing
The SEC’s high-profile litigation against SolarWinds and its Chief Information Security Officer (CISO), Timothy Brown, reached a critical juncture on May 15, 2024, when the parties presented oral arguments before Judge Paul A. Engelmayer in the Southern District of New York on Defendants’ motion to dismiss. This client alert discusses the key critiques of the […]
The SEC’s high-profile litigation against SolarWinds and its Chief Information Security Officer (CISO), Timothy Brown, reached a critical juncture on May 15, 2024, when the parties presented oral arguments before Judge Paul A. Engelmayer in the Southern District of New York on Defendants’ motion to dismiss. This client alert discusses the key critiques of the SEC’s approach, important developments in the litigation, and highlights from the motion to dismiss hearing.
Background
As we noted in our prior client alert, the SEC filed its initial complaint against SolarWinds and its CISO Brown in October 2023, alleging that Defendants misled the company’s investors and customers by overstating the company’s cybersecurity practices and concealing mounting cybersecurity risks between October 2018 and January 2021.
The SEC’s complaint focused on SolarWinds’ flagship network monitoring product, Orion, which purportedly had abilities ranging from reducing network outages to improving network performance. Orion was used by virtually all Fortune 500 companies and many US government agencies. The SEC alleged that SolarWinds overstated the strength of its cybersecurity practices and prevention measures, and then failed to tell the whole truth after learning of a massive breach regarding Orion that impacted many of its key customers.
