Recent pronouncements from the Department of Justice (DOJ) and White House make it clear the government will be far less tolerant of excuses from companies who don’t report breaches in a timely manner, whose cybersecurity protocols are lax, or who misrepresent the controls they claim to have in place.
The government is enlisting the aid of insiders—whistleblowers—to point out where these lapses are happening. That means False Claims Act (FCA) cases are likely to be brought, even without a triggering breach or hacking event.
The DOJ unveiled its Civil Cyber-Fraud Initiative last week, warning entities that do business with the government that the promises they make regarding the strength of their cybersecurity defenses must hold up to scrutiny. Failure to do so could result in expensive FCA litigation, where the government would attempt to claw back money paid to entities that delivered inadequate cybersecurity systems or misled the government about the quality of their defenses.
The initiative piggybacks on an executive order issued by President Joe Biden in May requiring federal agencies to “improve … efforts to identify, deter, protect against, detect, and respond…
