The SEC has been transparent about how to avoid getting on the wrong side of its cybersecurity-related regulations since wading into the cybersecurity enforcement fray. Its enforcement approach became yet clearer on October 30, 2023, when it sued IT vendor SolarWinds Corporation (SolarWinds) and its chief information security officer Timothy G. Brown for making materially false and misleading statements to SolarWinds’ investors about the company’s cybersecurity protocols. In this guest article, Crowell & Moring partner Jennie Wang VonCannon examines the SEC’s complaint against SolarWinds and the company’s blog post in response, and discusses five principles that govern the agency’s enforcement decisions, providing practical insights to help public and private companies navigate the increasingly fraught regulatory landscape around cybersecurity. See “Former SEC Officials Discuss Aggressive Enforcement Climate” (Oct. 25, 2023).