SolarWinds Corporation and its Chief Information Security Officer (CISO) are accused of financial fraud by the U.S. Securities and Exchange Commission (SEC)
In a significant development, the Securities and Exchange Commission (SEC) has accused SolarWinds and its Chief Information Security Officer (CISO), Timothy Brown, of securities fraud and internal control failures in relation to cybersecurity practices.
The allegations, which were first made public in 2021, centre around SolarWinds' failure to disclose known risks related to its cybersecurity practices from October 2018, when the company went public, up to at least the Sunburst attack in December 2020. The SEC claims that SolarWinds violated the antifraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934.
The SEC also alleges that SolarWinds violated the reporting and internal controls provisions of the Exchange Act and that Timothy Brown aided and abetted those violations. The charges against SolarWinds could have enormous implications for CISOs at companies nationwide, as the SEC increases scrutiny on C-suite executives.
The SEC's charges against SolarWinds have raised concerns about potential risks to national security. In response, SolarWinds' stock dropped by 25% over the next two days following the incomplete disclosure in the Dec. 14, 2020 filing. SolarWinds expressed concern that the SEC's action against them could alarm all public companies and cybersecurity professionals nationwide.
Timothy Brown, who joined SolarWinds in 2017 as VP of security and was later promoted to CISO in May 2021, is at the heart of the allegations. The SEC alleges that SolarWinds' public statements contradicted internal assessments, including a 2018 assessment showing the company's remote access setup was "not very secure."
In early July 2025, discussions related to the allegations involving cybersecurity fraud, extortion linked to computer fraud, and aggravated identity theft were reported between the SEC, SolarWinds, and Timothy Brown. A preliminary settlement was reached as of August 11, 2025. However, no detailed final verdict or full settlement terms have yet been publicly released.
The case is part of a broader emphasis on cybersecurity compliance and truthful investor disclosures. Jeff Pollard, VP and principal analyst at Forrester, stated that CISOs can only do what the rest of the organization allows. This sentiment underscores the importance of robust cybersecurity practices and transparent disclosures in the corporate world.
Sources:
[1] SEC Press Release: SEC Charges SolarWinds and CISO Timothy Brown with Fraud and Internal Control Failures (2021) [2] SolarWinds Disputes SEC Charges (2021) [3] SolarWinds: A Timeline of the Hack (2021) [4] U.S. District Judge Dismisses Part of SEC's Case Against SolarWinds and Timothy Brown (2024) [5] SEC and SolarWinds Reach Preliminary Settlement in Securities Fraud Case (2025)
In the aftermath of the SEC's allegations against SolarWinds and its CISO, Timothy Brown, discussions have arisen regarding potential risks to privacy, especially in the realm of cybersecurity and technology. As CISOs play increasingly prominent roles in maintaining a company's digital security, the implications of these charges could potentially affect cybersecurity professionals across various industries, including sports. The SEC's emphasis on cybersecurity compliance and truthful investor disclosures underscores the importance of robust practices and transparent assessments in all aspects of corporate operations.
%20are%20accused%20of%20financial%20fraud%20by%20the%20U.S.%20Securities%20and%20Exchange%20Commission%20(SEC)){kind=link}