It was, according to NPR, a hack “unlike any other.” In 2020, SolarWinds, a Texas-based company, conducted a seemingly routine software update to its network management system. However, what happened next was anything but routine. As it turned out, hackers had inserted a code into that update that unleashed a massive cyberattack against the United States. And SolarWinds is still feeling the repercussions of that attack, known as Sunburst. In June, SolarWinds revealed that several current and former executives, including the CFO and CISO, received Wells Notices from the U.S. Securities and Exchange Commission indicating the intent to bring charges.

For many law firms and their publicly traded clients, a Wells Notice for a cyberbreach should be a serious wakeup call. In our last article, we discussed the perils of ransomware attacks and what law firms need to know about this in light of the White House’s National Cybersecurity Strategy. In this article, we discuss the cybersecurity perils involved with vendor management and the increasing liability that C-suite executives face when vendor management goes wrong.