United States of America: Issued ruling in SEC lawsuit against SolarWinds for allegedly misleading investors about its cybersecurity practices

On 18 July 2024, the Southern District Court of New York issued a ruling in the US Securities and Exchange Commission's enforcement action against SolarWinds Corporation for allegedly misleading investors about its cybersecurity practices. The Court dismissed large parts of the SEC's claims, holding that cybersecurity controls are not part of a company's system of internal accounting controls under the US Securities Exchange Act. However, the Court upheld charges that SolarWinds misled investors with false public statements regarding their cybersecurity program, particularly a misleading security statement posted on their website. The Court also dismissed claims related to disclosure controls and procedures.