In 2020, software company SolarWinds was hit with a cyberattack that compromised its Orion supply chain software. The attack impacted thousands of victims. Three years later, the US Securities and Exchange Commission (SEC) is continuing its investigation into the attack. The oversight agency has indicated it may pursue civil enforcement action against current and former employees, including CFO J. Barton Kalsu and CISO Tim Brown.
What kind of liability could these individuals face, and what does the SEC’s investigation mean for other cybersecurity stakeholders?
