Without the impetus of the DOJ’s cybersecurity focus, it remains unclear whether Verizon and other companies would have deemed these failures significant enough to warrant a self-disclosure. Undoubtedly, the DOJ has more nonpublic cybersecurity cases or resolutions in the pipeline that are yet to be revealed.
Furthermore, it’s crucial to highlight that, under the initiative, the DOJ has resolved allegations not only in healthcare but also in procurement. This illustrates that cybersecurity fraud and its associated allegations are not confined to a specific sector.
A Self-Disclosure Success
The Verizon settlement also underscores the DOJ’s commitment to another crucial facet — self-disclosure. It reveals the delicate interplay between the DOJ’s assertion of prioritizing cyber-fraud and the practicality of self-disclosure for a company.
The DOJ’s self-disclosure policy became a topic of significant discussion in September 2022 when the Criminal Division published a memorandum titled “Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group.” This memo provided comprehensive guidance on timely self-disclosures, among other areas.
