CISOs on the Hook: SEC Tightens Cybersecurity Disclosures

Lee of Jenner & Block on How SolarWinds Case Ushered in New Era of Risk Management
Jennifer Lee, partner, Jenner & Block

The SolarWinds case has redefined cybersecurity disclosure obligations, especially for chief information security officers. The SEC's novel theories in this case have set a precedent for how organizations must present their cybersecurity practices, said Jennifer Lee, partner at Jenner & Block. While the judge dismissed some SEC claims, the case has confirmed the SEC's power to enforce cybersecurity regulations.

CISOs are now responsible for ensuring that their companies' security statements align with actual practices, Lee said. Failure to align internal practices with public statements could expose companies to significant regulatory risks.

"SEC is going to be looking at CISOs as a subject matter expert. What CISOs need to do is have clarity on what it is that they are being asked to approve. They can no longer be passive," she said.

In this interview with Information Security Media Group at Black Hat 2024, Lee also discussed:

  • The increased scrutiny on CISOs related to new cybersecurity reporting rules;
  • The importance of accurate cybersecurity disclosures;
  • The disconnect between CISOs' influence and their legal accountability.

Lee has nearly two decades of experience in litigation, specializing in business litigation, data privacy and cybersecurity, and securities laws. Previously, she served as assistant regional director at the U.S. Securities and Exchange Commission's Division of Enforcement, where she oversaw complex investigations and enforcement actions.


About the Author

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.



