Judge Rejects SEC's Effort to Oversee Corporate Cybersecurity Controls

A federal judge in a case stemming from one of the worst known cyberattacks has rejected the Securities and Exchange Commission’s bid to oversee corporate cybersecurity controls, relieving companies worried they would be penalized by regulators after breaches by well-resourced hackers. In a closely watched case brought by the agency against 2020 hacking victim SolarWinds, U.S. District Judge Paul A. Engelmayer granted most of the company’s motion to dismiss, holding that current laws give the SEC authority only over financial controls, not all internal controls.