Skip to the content

Directors and Officers exposed to Cyber Attacks

Two US pension funds are taking legal action against the SolarWinds board blaming oversight failures that “defied elementary cybersecurity standards” for a massive cyberattack by Russian hackers.

In early 2020, hackers broke into Texas-based SolarWind's systems and added a malicious code into the company's Orion software system affecting an estimated 18,000 clients. The code created a backdoor to customer's information technology systems, which hackers then used to install more malware that helped them spy on companies and organisations.

The lawsuit names a mix of current and former directors as defendants and claims a breach of fiduciary duty with the cyber attack compromising the systems of major companies and US government agencies, including the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury

Significantly, the SolarWinds board is accused of ignoring warnings before the hack about “the specific and heightened risk” of “supply chain” attacks on cyber security companies themselves.

The allegations include SolarWinds “utterly” failing to monitor cyber security risks with the result that “These oversight failures had grave consequences.”

A SolarWinds spokesperson told Bloomberg Law: “We do not comment on pending litigation, but this action is similar to a purported derivative lawsuit filed earlier this year. More importantly, we continue to focus on deepening our relationships with customers and openly discussing our Secure by Design initiatives as we look to set the standard for secure software development.”

According to the complaint, SolarWinds employees voiced concerns about its cyber security policies for several years before the hack.

The company’s failures during that period—including the use of “solarwinds123" as a network password, a decision top executives have blamed on an intern—eventually drove one of its leading cybersecurity experts to resign, the lawsuit says.

SolarWinds has said it is cooperating with investigations into the breach by the U.S. Securities and Exchange Commission, Department of Justice. The company has moved to dismiss another shareholder lawsuit seeking damages for a decline in its share price.

Company boards should seek the assistance of a specialist insurance broker, with in depth technical knowledge and full market access, in order to procure the most suitable Directors and Officers liability insurance, in addition to Cyber Media liability insurance. If you would like to discuss this insurance, or obtain a competitive quotation, please contact Daniel Moss daniel.moss@wdenis.co.uk or on 0044 (0)113 2439812

Contact Us

Call us today on 0044 (0) 113 243 9812 or arrange a call back to find out how you could benefit from our intelligence-led insurance policies.