Sarah Hutchins and Michael Goldsticker wrote a blog post for the Government Contractors Association about the federal government's new "Civil Cyber-Fraud Initiative."
"The U.S. Department of Justice is targeting federal contractors and grant recipients who fail to adhere to cybersecurity requirements in their agreements and who violate their obligation to monitor and report ransomware attacks and other types of cybersecurity breaches," Sarah and Michael wrote.
"Under this initiative, the principal tool the Department of Justice will use to pursue these contractors is the False Claims Act, which imposes liability on companies and individuals who defraud federal government programs," they wrote. "False Claims Act cases may be brought not only by the U.S. government but also by private citizens who serve as whistleblowers."
"Lax cybersecurity measures often go undiscovered until a breach or other catastrophic event," they continued. "In light of the financial incentives for private whistleblowers and plaintiffs’ attorneys to bring False Claims Act lawsuits – including automatic attorney’s fees and up to 30% of the government’s recovery in a successful action – DOJ’s policy initiative could encourage internal whistleblowers to bring cyber concerns to light and may result in a proliferation of False Claims Act litigation."
You can read their full analysis here: U.S. Government’s ‘Cyber-Fraud Initiative’ Raises the Cost of Failing to Meet Cybersecurity Best Practices.
The Government Contractors Association is a national trade association composed of small and large commercial contractors as well as government agencies.