A U.S. district court dismissed all the SEC’s securities fraud and false filings claims against SolarWinds and its Chief Information Security Officer (CISO) Timothy Brown regarding the adequacy of cyberattack disclosures, finding that the SEC had impermissibly relied on “hindsight and speculation” to find those disclosures fraudulent. The court also dismissed the SEC’s claims that
Steven M. Malina
Steven M. Malina, a former Senior Attorney in the SEC’s enforcement branch, focuses his practice on a variety of litigation and regulatory matters with representations of financial services industry clients, hedge fund matters, and securities and general commercial litigation. He represents officers, directors, broker-dealers, investment advisors, commercial banks, investment banks, investment management firms, and public issuers in investigations and disciplinary proceedings initiated by the SEC, CFTC, FINRA, FDIC, NYSE, CBOE, CME, and state regulators. In addition, Steve represents clients in related investor class-action, derivative, and other litigation and arbitration. He has also conducted internal investigations on behalf of publicly traded companies and represented committees and executive officers in internal investigations. Steve has represented brokerage firms and their management in customer-initiated cases, and injunction and arbitration proceedings.
Prior to entering private practice, Steve served as First Vice President and Deputy Regional Counsel for a large financial corporation and was a Senior Attorney in the Branch of Enforcement of the U.S. Securities and Exchange Commission.
SEC Clarifies Confusion Concerning Cybersecurity Incident Reporting
On May 21, 2024, U.S. Securities and Exchange Commission Director of the Division of Corporation Finance Erik Gerding issued a statement clarifying when the SEC expects companies to disclose a cyber incident. This clarification helps guide public companies who wish to disclose a cyber incident but who have not yet determined if the incident is…
Chief Information Security Officers in SEC Crosshairs: The SolarWinds Case
In a Halloween-eve move sure to send shivers down the spines of every public company’s CISO, on Oct. 30, the SEC filed a securities fraud complaint targeting SolarWinds’ CISO in the wake of their major December 2020 data security incident. The SEC alleges SolarWinds and its CISO committed securities fraud in connection with multiple public…
SEC Finalizes Cyber Rules for Public Companies: What You Need to Know
On July 26, 2023, the Securities and Exchange Commission (SEC) adopted the long-awaited final rule requiring that public companies disclose information about cybersecurity incidents within four business days of determining the incident is material. GT wrote about the proposed rule shortly after it was released in March 2022. For context, Commissioner Caroline Crenshaw noted, in…
SEC Continues Rolling Out Cybersecurity Rules, this Time Targeting Public Companies
Continuing its focus on cybersecurity, on March 9, 2022, in a party-line vote, the SEC proposed rules and amendments governing cybersecurity reporting requirements for public companies subject to the Securities Exchange Act of 1934.
SEC Issues Proposed Cyber Rule, Including 48-Hour Breach Reporting Requirement
On Feb. 9, 2022, the SEC released its long-awaited proposed cybersecurity rule, and there’s a lot to unpack. As GT reported previously, the SEC increased enforcement of cybersecurity compliance in 2021. As recently as Jan. 24, 2022, Chair Gary Gensler made cybersecurity the focus of his speech at Northwestern Law School’s Securities Regulation
With New Cybersecurity Enforcement, the SEC Puts Its Money Where Its Mouth Is
The past 12 months have seen an increase in cybersecurity attacks against major companies, placing data breaches on the front page of virtually every major newspaper. The U.S. government has taken notice. In May, the Biden administration issued an executive order requiring government agencies and certain government contractors to comply with cybersecurity requirements. In July,…