In a Halloween-eve move sure to send shivers down the spines of every public company’s CISO, on Oct. 30, the SEC filed a securities fraud complaint targeting SolarWinds’ CISO in the wake of their major December 2020 data security incident. The SEC alleges SolarWinds and its CISO committed securities fraud in connection with multiple public disclosures about its cybersecurity practices, including the form 8-K disclosing the incident. This move is the latest in a series of steps taken by the SEC to flex its muscles in regulating data security.