The idea of regulating people and organizations sounds highly complex from afar, and in all honesty, it doesn’t lose all of that complexity even when you look up close. However, its importance becomes more apparent once you start dissecting and assessing the principles on which it is built. Even though it might seem detrimental at times, the presence of different regulations is the reason why we are able to operate in an environment that reinforces competition and does everything to eradicate unscrupulous activities. These regulations are the reason why relatively smaller players are able to stay alive in the market.
Nevertheless, the duties of regulatory bodies have remained anything but the same throughout this time. As uneventful as something like regulation and compliance sounds, the concept and its custodians had to go through a series of transformations to stay in line with changing trends, but the biggest transformation was only triggered when technology came to the fore. This was the moment when each and every procedure associated with regulation and compliance got reimagined. Furthermore, the regulatory bodies now had a responsibility to protect cyberspace too, and that hasn’t proven to be an easy job so far. Time and again, we see cases of cyberattacks, data breaches, and cyber fraud grabbing the headlines across the globe. Some of them might be out of our control, but a few happen due to our own negligence. The Department of Justice is doubling down on efforts to address the latter.
The Department of Justice recently announced that it will be introducing a “civil cyber fraud initiative”, which is designed to punish organizations that refrain from disclosing details about possible data breaches. The initiative is aimed largely at companies that are government contractors or use government funds in some capacity; hence any lack of disclosure here gives the authorities a right to reprimand under the False Claims Act.
Over the last year or so, the trend of not reporting data breaches has grown significantly. While the complications that come with involving government agencies in an activity of such nature are largely why this occurs, there is also an ulterior motive pulling the strings here. A lot of these companies don’t bother to comply with the prescribed cybersecurity standards; therefore, they try to avoid that scrutiny at all costs, even if it means putting different parties at risk.
“For too long, companies have chosen silence, under the mistaken belief that it’s less risky to hide a breach than to bring it forward and to report it,” Deputy Attorney General Lisa Monaco said during a conversation at the Aspen Cyber Summit. “Well, that changes today.”
For now, in the event of non-disclosure, Monaco has strongly indicated a possible use of “civil enforcement tools” along with hefty fines.