A New York federal court has dismissed significant portions of the SEC’s securities fraud charges against SolarWinds and its chief information security officer (CISO) for making allegedly misleading public statements and disclosures before, during and after a highly publicized 2020 cyberattack. The SEC lost on all its claims related to the company’s regulatory filings, but the decision sustains charges that a SolarWinds website statement about security “was materially false and misleading in numerous respects,” and CISO Timothy Brown still faces liability. This article, the first in a two-part series about the standout case, provides perspective on the SEC’s wins and losses, and examines the multiple implications that worry CISOs. Part two will present several lessons for companies as a new era of heightened scrutiny of cybersecurity-related corporate communications arrives. See “Navigating SEC Cybersecurity Enforcement in a Post-SolarWinds World” (Jan. 3, 2024).