On Oct. 22, 2024, the Securities and Exchange Commission (SEC) announced settled charges against four current and former public companies, Unisys, Avaya Holdings, Check Point Software Technologies and Mimecast, for allegedly making materially misleading statements in their public disclosures regarding cybersecurity intrusions and risks following the SolarWinds Corporation software hack. This wave of enforcement actions signals the SEC’s continued focus on the content and completeness of public disclosures following cyber incidents. In a press release, the SEC summarized its position that the settling issuers each “negligently minimized its [SolarWinds] cybersecurity incident,” which served to “further victimize their shareholders or other members of the investing public” and left “investors in the dark about the true scope of the incidents.”
Read on to learn more about the settlements and the takeaways worth considering.