One of the biggest cybersecurity stories of 2023 was the U.S. Securities and Exchange Commission (SEC) formally charging SolarWinds and its CISO, Timothy G. Brown, with fraud and internal control failures related to SolarWinds’ 2019 cyberattack. The charges sent a strong message to the CISO community, suggesting that they can now be held criminally or civilly liable for misrepresenting their organization’s cybersecurity posture. The indictment may set the stage for additional criminal charges and civil lawsuits against CISOs at organizations that have experienced significant breaches.
All told, Brown’s indictment highlights the heightened stress and very personal risk CISOs and CSOs now face in their role. Executives who get brought up on federal charges can anticipate a long, stressful, and expensive road, as their case may take several years to wind its way through the legal system.
Download SolarWinds Indictment: Four Steps CISOs Should Take Now Whitepaper