SEC is Not Accepting Half-Truths

Matthew.Rosenquist
Oct 23, 2024

The SEC has fined four major companies for materially misleading investors regarding cyberattacks.

Tech in Trouble

Regulatory actions have been brought against Unisys, Avaya, Check Point, and Mimecast for their purposeful decisions to not clearly inform customers and shareholders of the attacks and breaches they suffered as part of the SolarWinds cyberattack.

The SEC concluded that these companies were purposely vague by framing their cybersecurity risk factors hypothetically or discussing them in generic terms, even after knowing the issues were present and material.

Reporting material issues to shareholders is a requirement for public companies, so that investors have the same information for making decisions as company insiders.

Jorge G. Tenreiro, acting chief of the Crypto Assets and Cyber Unit, warned that “downplaying the extent of a material cybersecurity breach is a bad strategy”.

As a result of this investigation, Unisys Corporation was fined $4 million as a civil penalty for misleading disclosures and a failure to maintain proper controls over its public statements. Check Point, Avaya, and Mimecast were fined close to $1 million each for similar reasons.

Message to CISOs

Written by Matthew.Rosenquist

CISO and cybersecurity Strategist specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security
