In recent years, the Securities and Exchange Commission (SEC) has sued multiple public companies for lax disclosures around cybersecurity incidents - even when there was no evidence of bad intent or even negligence.

Recently, the SEC significantly ratcheted up the pressure on public companies - and CISOs, and adopted new rules giving the government more avenues to second-guess cybersecurity disclosure decisions. This was followed by the SEC suing SolarWinds and its CISO for fraud, marking the start of a new era in cybersecurity enforcement.

This session provides an inside perspective on SEC risk - and mitigation - for CISOs and other security professionals in the wake of SolarWinds ruling, including:

• How the SEC approached cybersecurity cases before the SolarWinds ruling, and the new rules
• How SolarWinds ruling and the new rules are likely to influence future SEC enforcement activities
• Lessons for CISOs from the SolarWinds ruling
• How CISOs can navigate an enhanced role in the disclosure process
• Key indemnification and insurance considerations