← Back to all briefings
Compliance 5 min read Published Updated Credibility 40/100

Compliance Briefing — SEC charges SolarWinds and CISO over cyber risk disclosures

The SEC filed enforcement actions on 30 October 2023 against SolarWinds and its CISO, alleging misleading cyber risk disclosures and internal controls failures tied to the 2020 Orion compromise.

Zeph Tech Research Lead

Research lead, Zeph Tech

Single-point timeline showing the publication date sized by credibility score.
Publication date and credibility emphasis for this briefing. Source data (JSON)

On 30 October 2023 the U.S. Securities and Exchange Commission charged SolarWinds Corporation and its CISO with fraud and internal control violations related to statements about the company’s cybersecurity posture before and after the 2020 Orion supply-chain compromise. The complaint cites gaps between public filings and internal assessments, emphasizing disclosure obligations for material cyber risks and incidents.

Public companies should align cyber risk factors and incident timelines with board and audit committee oversight, strengthen documentation of control evaluations, and ensure Form 8-K and 10-K narratives reflect internal security realities.

Single-point timeline showing the publication date sized by credibility score.
Publication date and credibility emphasis for this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Compliance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • sec enforcement
  • cyber disclosures
  • solarwinds
  • public companies
Back to curated briefings