• Events and Webinars
  • Resources
    • Blog
    • Case Studies
    • News
    • Newsletter
    • Infographics
    • Papers
    • Posters
    • Video
  • Careers
    • Careers at HBS
    • Open Positions
    • Student Opportunities
  • About HBS
    • About Us
    • Leadership
    • Locations
    • Partners
    • Green Initiatives
  • Events and Webinars
  • Resources
    • Blog
    • Case Studies
    • News
    • Newsletter
    • Infographics
    • Papers
    • Posters
    • Video
  • Careers
    • Careers at HBS
    • Open Positions
    • Student Opportunities
  • About HBS
    • About Us
    • Leadership
    • Locations
    • Partners
    • Green Initiatives
HBS logo
HBS Logo
  • Infrastructure
    • CLOUD

      • Cloud Solutions
      • Public Cloud
      • Hybrid Cloud
      • Infrastructure as a Service
      • Cloud Security Solutions
      • Backup, Replication and Disaster Recovery
      • HBS Cloud Hosting Services

      DATA CENTER

      • Data Center Solutions
      • Traditional Data Center
      • Hyperconverged
      • Colocation
      • Directory Services
      • Cloud Email and Calendar Solutions

      NETWORK AND ACCESS

      • Network Infrastructure
      • Enterprise Mobility
      • Wireless Solutions
      • SD-WAN
      • Structured Cabling
      • Staff Augmentation
      Data Center Solutions blue gradient background badge with white text
  • Managed Services
    • MANAGED ONE

      • Managed One Overview
      • Managed Backup and Disaster Recovery
      • Managed Email and Collaboration Security
      • Managed Firewall

       

      • Managed HaaS and SaaS
      • Managed IT Help Desk
      • Managed Network and Server Monitoring

      HBS + PARTNER SOLUTIONS

      • HBS Secure with Verkada
      • HBS Collaborate with Webex
      • Managed XDR
      HBS Managed One Megamenu Graphic
  • Modern Workplace
    • MICROSOFT

      • Microsoft Licensing Management
      • Microsoft Modern Workplace
      • Microsoft Copilot
      • Microsoft Fabric
      • Microsoft Funding Opportunities

       

      • Dynamics 365 Business Central
      • Dynamics 365
      • Dynamics GP

      COLLABORATION

      • Audio Visual
      • Unified Communication Solutions
      • HBS Collaborate with Webex
      HBS Collaborate with Webex blue gradient background badge
  • Professional Services
    • ADVISORY

      • Virtual CISO
      • Virtual CIO
      • Project Management
      • IT Business Consulting

      ENGINEERING SERVICES

      • Staff Augmentation

      AI & ANALYTICS

      • Artificial Intelligence
      • AI Advance
      • AI Predict
      • AI Assist
      • Data Management and Analytics
      • Microsoft Copilot
      • Microsoft Fabric

      APPLICATION INNOVATION

      • Website Development
      • Application Development

      DOCUMENT MANAGEMENT

      • Document Management Services
      • Document and Check Scanners
      Discover your AI Readiness blue gradient background with white text. Bottom right photo of young man in glasses smiling while looking at laptop. Red to green temperature gauge png
  • Security
    • CYBERSECURITY

      • Managed XDR
      • Penetration Testing
      • Vulnerability Scanning
      • Email Security Services
      • Digital Forensics and Incident Response
      • Backup, Replication and Disaster Recovery
      • Firewalls
      • Cloud Security Solutions

       

      • Virtual CISO
      • Virtual Security Team
      • Virtual Security Engineer
      • Cybersecurity Risk Assessment
      • Governance and Compliance
      • SOC 2
      • CMMC
      • Managed Security Awareness Training

      PHYSICAL SECURITY

      • Security Solutions
      • HBS Secure with Verkada
      Cybersecurity Risk Assessment Megamenu Graphic
  • Search
Contact Us
Blog

What Is the Civil Cyber-Fraud Initiative?

  • Written by: Trevor Meers
  • December 7, 2021
Image of Department of Justice

If a bank or federal contractor experiences a data breach, the federal government wants to know about it—and the new Civil Cyber-Fraud Initiative has teeth to back it up. 

Throughout 2021, the federal government has taken the fight to global hackers on multiple fronts, fueled by President Biden’s May 2021 executive order. Two of the latest moves are the Department of Justice’s Civil Cyber-Fraud Initiative and new FDIC rules that ramp up reporting requirements when federal contractors, federal grant recipients or banking entities experience data breaches. 

This post explains what you need to know about how the Civil Cyber-Fraud Initiative and other new regulations could affect you. 

Why Does the Government Want Breach Reports? 

A data breach affects far more than the compromised organization. In this era of heavily interconnected supply chains, a breach of a single organization can rapidly cascade into dozens of others. (This year’s Kaseya breach provided a painful example of how supply chain attacks can go global in very little time). Through moves like the Civil Cyber-Fraud Initiative, the government wants to know when anyone handling its data or connected to its systems experiences a compromise. 

Sharing breach information also lets the greater community stop bad guys more quickly. When breaches go unreported, hackers may keep using the same kind of attack on other organizations in both the public and private sectors. When you report a breach, the government can spread the word about the vulnerability exploited and the type of attack used, etc. and help others quickly harden their defenses. Shared breach information helps developers respond with the patches that close the vulnerabilities. 

An FBI agent explained in one of our recent blogs that agents like companies to report even suspected attacks so that they can add the threat data to the information shared with all their offices. 

The DOJ’s announcement of its new requirements also acknowledged a critical point for private companies: Companies should have incentives to invest in good information security. With new regulations built on cybersecurity best practices, the government wants to stop companies from skimping on security investments and undercutting prices from those doing the right thing. 

What’s in the Civil Cyber-Fraud Initiative 

In October, Deputy Attorney General Lisa O. Monaco announced the Civil Cyber-Fraud Initiative saying, “For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it. Well, that changes today.” 

The new act’s enforcement comes via the False Claims Act, a tool that lets the feds levy fines against parties who put government programs and operations at risk through inadequate information security measures. In short, if you operate under federal contracts or receive federal grant funding, you need to be aware of the new requirements. Under this new program, firms could face government penalties if they knowingly: 

  • Provide deficient cybersecurity products or services 
  • Misrepresent cybersecurity practices or protocols 
  • Violate obligations to monitor and report cybersecurity incidents and breaches 

Whistleblower provisions in the False Claims Act empower individuals to report any wrongdoing they know about (and gives them a chance to share in assets recovered). Based on the whistleblower empowerment and the regulations’ complexity, observers expect to see a significant whistleblowing, which is what the feds are hoping for. Violations could be as simple as, for example, falsely stating that you have a written incident response plan or system monitoring in place. 

Plenty of questions remain about how the government will judge a “knowing” failure, how penalties would be assessed, how responsible a company is for its subcontractors, etc. 

What’s in the New FDIC Notification Rules 

The FDIC issued its own new regulation about incident notification in November. The new rule requires banking organizations to notify their primary Federal regulator of any “computer-security incident” that rises to the level of “notification incident,” as soon as possible, with the window not to exceed 36 hours after discovering the incident. 

In short, this regulation applies to incidents that could disrupt, degrade or impair banking operations and services. 

The rule also requires notification of customers if services will be disrupted or degraded for four hours or more. The rule takes effect April 1, 2022. 

Clearly, it will take time for organizations to sort through the new rules and establish policies accordingly. For help understanding how the Civil Cyber-Fraud Initiative and the new FDIC rules affect you, contact an HBS expert. 

Related Content

A professional working on cybersecurity in the financial sector, following SEC cybersecurity guidance. The person is seated in front of a large monitor displaying a complex array of stock market analytics and data encryption measures. This workspace exemplifies a secure environment for monitoring and protecting sensitive financial data against cyber threats, in compliance with regulatory standards for security and confidentiality in the stock exchange market.

SEC Cybersecurity: Guidance for Compliance

SEC cybersecurity guidance for new disclosure rules and regulations. Ensure compliance, protect investor trust, and manage risks effectively.

Learn More »
The text "Stopping ACH Fraud Keep Your Transactions Safe" on a white and grey textured background.

Hackers and ACH Fraud

Risk of fraudulent transactions has grown significantly. Learn how to prevent hackers from using Automated Clearing House (ACH) fraud to drain your accounts.

Explore More »
Risk Matrix Likelihood Impact

Risk Assessment: Likelihood and Impact

Assess risk effectively with the risk assessment likelihood and impact matrix. This decision-making matrix assesses risk based on the likelihood and impact of threats in your organization.

Read More »
  • Cybersecurity, Finance
Blog

Connect:

[email protected]  |  800.236.7914

HBS logo

HQ | 1700 Stephen Street
Little Chute, WI 54140
Locations

HBS Remote Support | Service & Technical Support | E-Bill Portal
Standard Terms & Conditions | Cookie Policy | Privacy Policy | Onboarding Form | End User Agreements | E-Bill FAQ | Site Map
Any purchase is governed by the HBS Standard Terms and Conditions.
©2026 Heartland Business Systems. All rights reserved.

Halo from HBS
This chat may be recorded as described in our Privacy Policy.