Leadership & Executive Communication , Security and Exchange Commission compliance (SEC) , Standards, Regulations & Compliance

SEC Compliance: Lessons From the SolarWinds Case

Walker Newell and David Anderson of Woodruff Sawyer Discuss SEC Rules
Walker Newell, vice president, securities litigation and enforcement, Woodruff Sawyer; and David Anderson, vice president of cyber, Woodruff Sawyer

The Security and Exchange Commission's handling of the SolarWinds case has transformed the landscape for CISOs already grappling with constant cyberattacks. The SEC's shift reflects the increasing focus on personal liability and the critical role of cybersecurity disclosures in regulatory frameworks, said Walker Newell, vice president, securities litigation and enforcement, at Woodruff Sawyer.

See Also: New OnDemand: How CISOs Can Ace Cyber Risk Reporting to the Board and the SEC

"One of the big lessons for folks who are in the cybersecurity community is: You have to use this as an opportunity to build closer ties with your legal organization, with compliance folks and with the finance organization," Newell said.

In this post-SolarWinds world, the cyber risk management imperatives are "having the right controls in place, and making stakeholders aware of what needs to get done," said David Anderson, vice president of cyber at Woodruff Sawyer. Meeting SEC guidelines requires clear reporting requirements internally, he said.

In this video interview with Information Security Media Group at the Fraud, Security and Risk Management Summit, Newell and Anderson also discussed:

  • Integrating SEC reporting requirements into incident response plans;
  • How CISOs can take a more active role in the disclosure process;
  • How CISOs should approach materiality when assessing and reporting incidents.

Newell has more than a decade of experience leading high-stakes investigations and litigation as a lawyer in defense, regulatory enforcement and in-house roles. He offers clients a nuanced and business-focused perspective on financial services and cybersecurity liability issues.

Anderson focuses on complex cyber, privacy, technology and professional liability issues and is a dedicated and fierce advocate for his clients. He has extensive experience in risk assessment, risk management and pre-breach network security risk discovery, as well as hands-on post-incident client support and claims advocacy.


About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.