Publications
Publications
- January 2025
- HBS Case Collection
Cyber Oversight: SolarWinds Board of Directors
By: Lynn S. Paine
Abstract
In 2020, just two years after its IPO, information technology company SolarWinds discovered that it was the victim of an attack on its information systems by Russian hackers. The incident, known as the Sunburst attack, was costly for the company, and certain shareholders subsequently filed a derivative suit against the SolarWinds board of directors for allegedly breaching their fiduciary duty of oversight. The plaintiff shareholders charged that the directors had failed to adequately oversee cybersecurity risk and sought to hold the directors personally liable for the damage to the company resulting from the Sunburst attack. The case consists of an excerpt from the Delaware Chancery Court’s 2022 opinion describing the facts of the case.
Keywords
Corporate Governance; Corporate Accountability; Governing and Advisory Boards; Cybersecurity; Lawsuits and Litigation; Legal Liability; Business and Shareholder Relations; Information Technology Industry; United States; Texas; Delaware
Citation
Paine, Lynn S. "Cyber Oversight: SolarWinds Board of Directors." Harvard Business School Case 325-080, January 2025.