On October 30, 2023, the SEC filed a complaint against SolarWinds Corporation and its Chief Information Security Officer alleging securities fraud and failures under the internal accounting controls, reporting, and disclosure controls provisions of the Securities Exchange Act in connection with allegedly material cybersecurity weaknesses and risks. The SEC’s cybersecurity action is novel in several respects, including in alleging securities fraud in violation of Rule 10b-5, internal accounting controls violations, and charges against a CISO individually. The SEC’s allegations have significant implications for companies’ cybersecurity governance, risk management, and control frameworks, and for executives with cybersecurity oversight responsibilities.