The SEC has dropped its lawsuit against SolarWinds and its CISO, which accused them of misleading investors about security practices related to the 2020 SUNBURST attack. SolarWinds claims the decision is a vindication, easing concerns among CISOs about regulatory repercussions in cyber incidents. The case highlighted the challenges of holding executives accountable after cyberattacks.

Banks are urging the SEC to withdraw its proposed requirements for disclosing cyberattack incidents, arguing that such disclosures could undermine their competitive position and customer trust. The financial institutions believe that the current disclosure framework is overly burdensome and does not effectively enhance cybersecurity measures.