Governments are working around the world to find the best practices for organizations to report data breaches. The U.S. specifically has implemented a wide variety of measures focused on improving the nation’s cybersecurity infrastructure. The country has put many different organizations in place to assist and work on cyber incidents and has most recently formed “The Quad,” a new cybersecurity-related alliance between the U.S., Australia, India, and Japan. Now, the Department of Justice (DOJ) has announced a new Civil Cyber-Fraud Initiative. This will “combine the department’s expertise in civil fraud enforcement, government procurement, and cybersecurity to combat the new and emerging cyber threats to the security of sensitive information and critical systems.” The new initiative aims to pursue cybersecurity-related fraud by government contractors and grant recipients, specifically those who knowingly use deficient cybersecurity protocols or misrepresent cybersecurity practices. It will also emphasize those who fail to report breaches and incidents when required to do so by law. The goal is to encourage these entities to bring forward any information about breaches to better protect their customers’ information.
Analyst Notes
Organizations sometimes battle with the decision to report a breach or not. Reporting a data breach may hurt the reputation of a company and have financial repercussions, but by doing so protects their customers, which should be a main focus in the instance of a data breach. Many companies fail to report cybersecurity incidents, but that only hurts the fight against threat actors. Sharing information on different attacks helps defenders fight and protect against new and emerging threats to limit the number of victims. The DOJ believes that the new initiative will bring six benefits to this effort which can be found here: https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-new-civil-cyber-fraud-initiative
https://www.secureworld.io/industry-news/u.s.-fines-report-data-breach
