Insights

It’s fair to call 2023 the year of artificial intelligence. The 2023 AI boom was largely driven by the widespread adoption of new technologies like ChatGPT, Google Bard, and Microsoft Copilot. Alongside the excitement surrounding these new technologies, alarm over the possible consequences of increased AI use without appropriate guardrails caused both government and private entities to act. 

The risks faced by companies in light of new federal cybersecurity regulations are particularly acute for government contractors, who must also be aware of compounded exposure from the False Claims Act (FCA). The U.S. government is increasingly scrutinizing corporate cybersecurity programs, and companies are vulnerable to new risks of civil and criminal liability related to data breaches. The specter of individual criminal liability looms large since the 2022 conviction of the chief security officer at a leading rideshare company for actions related to his response to data breaches. And now, the SEC has charged the CISO of SolarWinds in his individual capacity with securities fraud related to the company’s cybersecurity regime. All companies—especially government contractors—should consider mitigating risk by auditing their cybersecurity protocols and updating their incident response plans.

There is a global arms race for data and technology, including artificial intelligence, and that has been leading the U.S. government to look at cybersecurity and sanctions through the lens of national security,” says Jennie Wang VonCannon, a partner at Crowell & Moring. “Because of these high stakes, regulators are building more ‘sticks’ rather than ‘carrots’ into enforcement regimes—and making it clear that companies need to take these things very seriously. And more rigorous enforcement generally leads to waves of litigation.”