The US Securities and Exchange Commission (SEC)’s issue of a Wells Notice to SolarWinds Corporation’s former and current executives this summer is a sharp reminder that there can be serious consequences for individuals following cyber security incidents.
There is a global trend towards holding senior people within companies personally responsible for cyber security. Individuals can be sanctioned by regulators, find themselves facing action for breach of their fiduciary duties to their companies, and even the target of litigation, including in class actions by investors that name officers or directors as defendants in their individual capacity.
HSF has contributed to the International Bar Association’s “Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors“, a first of its kind Global Report.
The issuance of Wells Notices coincides with the SEC’s recognition that cyber security incidents may be material to investors. On July 26, 2023, the SEC adopted rules requiring registrants to disclose not only material cyber security incidents they experience (generally within four business days of…
