The Justice Department’s push to encourage whistleblowers to raise cybersecurity fraud claims against US contractors has produced settlements that provide a window into alleged lapses, vulnerabilities, and shortcomings amongst governmental partners of all stripes.
Georgia Institute of Technology last month became the latest federal funds recipient to resolve a False Claims Act suit alleging inadequate performance of cybersecurity services in federal contracts. DOJ has announced at least seven settlements in 2025, worth about $51 million.
These announcements come a few years into the DOJ’s civil cyber fraud initiative to hold accountable contractors that put federal systems and the government’s information at risk from inadequate cybersecurity.
When whistleblowers come forward, they have a lot to say about why contractors may be falling short in their obligations, attorneys say, such as a lack of cybersecurity sophistication, unwillingness to spend money, failing to communicate, and prioritizing private businesses over government customers.
Cybersecurity knowledge isn’t standard for all government contractors, said Stephanie Siegmann of Hinckley Allen. Compliance is expensive, she said, and businesses “often do not want to spend money on cybersecurity until after they have suffered a cyberattack.”
One cybersecurity compliance issue, according to Joe Swanson of Foley & Lardner LLP, is that many contractors “siloed” their compliance and information...
Legal action has brought important decisions, from the scrapping of fossil fuel plants to revised climate plans This year marks the 10th anniversary of the Paris agreement. It is also a decade sin...