Image of Leading Lawyers Representing Cybersecurity Whistleblowers

Cybersecurity Whistleblower Lawyer’s Guide to Cybersecurity Whistleblower Rewards and Protections

cybersecurity whistleblower protectionOur experienced cybersecurity whistleblower lawyers have represented Chief Information Security Officers, CIOs, compliance officers, internal and external auditors, and other cybersecurity professionals in cybersecurity whistleblower rewards and protections matters.

To find out more about whistleblower rewards and protections for cybersecurity whistleblowers, call us at 202-262-8959 for a free, confidential consultation.


We are well versed in the cybersecurity issues that may qualify for an SEC whistleblower award, a CFTC whistleblower award, or a False Claims Act qui tam relator award.  In addition, we have extensive experience representing cybersecurity whistleblowers in retaliation actions under the whistleblower protection provision of the Sarbanes-Oxley Act and under laws that protects employees of government contractors disclosing cybersecurity deficiencies.

See our post SEC Charges Against SolarWinds Signal Resolute Cybersecurity Enforcement and May Spur Surge in Cybersecurity Whistleblowing to SEC.

SEC Cybersecurity Enforcement Priorities

The SEC’s 2024 Examination Priorities set forth the SEC’s continued focus on broker-dealer and investment adviser cybersecurity compliance:

The Division will continue to review broker-dealers’ and advisers’ practices to prevent interruptions to mission-critical services and to protect investor information, records, and assets. Operational disruption risks remain elevated due to the proliferation of cybersecurity attacks, firms’ dispersed operations, intense weather-related events, and geopolitical concerns. Given these risks and concerns, cybersecurity remains a perennial focus area for all registrants.
The Division will focus on registrants’ policies and procedures, internal controls, oversight of third-party vendors (where applicable), governance practices, and responses to cyber-related incidents, including those related to ransomware attacks. Part of this review will consider whether registrants adequately train staff regarding their identity theft prevention program and their policies and procedures designed to protect customer records and information.
With respect to third-party products and services in particular, the Division will continue to assess how registrants identify and address risks to essential business operations. In connection with its mission to inform policy, the Division will also look at the concentration risk associated with the use of third-party providers, including how registrants are managing this risk and the potential impact to the U.S. securities markets.

In addition, many broker-dealers and advisers consist of a main office and multiple other branch offices. Examinations of broker-dealers and advisers will continue to look at firms’ practices to prevent account intrusions and safeguard customer records and information, including personally identifiable information, especially as it pertains to their multiple other offices.
Lastly, the Commission adopted rule changes to shorten the standard settlement cycle for most broker-dealer
transactions from two business days after the trade date to one business day after the trade date. In connection with this change, the Division will assess registrant preparations associated with this shortening of the settlement cycle, which has a compliance date of May 28, 2024.
Examinations of broker-dealers and advisers will continue to look at firms’ practices to promote cyber resiliency. Reviews will include firm practices, policies, and procedures to prevent account intrusions and safeguard customer records and information, including personally identifiable information. Additional focus will be on the cybersecurity issues associated with the use of third-party vendors, including registrant visibility into the security and integrity of third-party products and services. The Division will also review whether there has been an unauthorized use of third-party providers.

How to Qualify for an SEC Cybersecurity Whistleblower Award

Sarbanes-Oxley and Dodd-Frank Protections for Cybersecurity Whistleblowers

Cybersecurity False Claims Act Whistleblower Rewards and Protections

False Claims Act Whistleblower Protection Law

Cybersecurity Whistleblower Protection Against Retaliation

Cybersecurity SEC Whistleblower Cases

The SEC can take enforcement action for a wide variety of cybersecurity violations, including:

  • Third-party risks – monitoring vendors and having a process in place to identify third-party breaches and disclosing the impact of the breach;
  • Failure to protect customer data, including HIPPA-protected information, PII, and intellectual property;
  • False representations about breaches; and
  • Inadequate processes or controls escalate cybersecurity issues.

cybersecurity whistleblower attorneyThe whistleblower lawyers at Zuckerman Law have substantial experience litigating Sarbanes Oxley whistleblower retaliation claims and have achieved substantial recoveries for CISOs, CIOs, and other senior professionals.  To learn more about corporate whistleblower protections, see our Sarbanes-Oxley Whistleblower Protection FAQ.  Click here to read client testimonials about the firm’s work in SOX whistleblower matters and other employment-related litigation.

To schedule a free preliminary consultation, click here or call us at 202-262-8959.


Sarbanes-Oxley Whistleblower Protection for Cybersecurity Whistleblowing

The whistleblower protection provision of the Sarbanes-Oxley Act provides robust protection to cybersecurity whistleblowers, and indeed some SOX whistleblowers have achieved substantial recoveries.   Leading whistleblower law firm Zuckerman Law has issued a guide to the SOX whistleblower protection law: Sarbanes-Oxley Whistleblower Protection: Robust Protection for Corporate Whistleblowers.  The guide summarizes SOX whistleblower protections and offers concrete tips for corporate whistleblowers based on lessons learned during years of litigating SOX whistleblower cases.

The goal of the guide is to arm corporate whistleblowers with the knowledge to effectively combat whistleblower retaliation, avoid the pitfalls that can weaken a SOX whistleblower case, and formulate an effective strategy to obtain the maximum recovery.SOX whistleblower protection


SEC Whistleblower Process

Cybersecurity Whistleblower Protection Resources 


Whistleblower attorney Dallas Hammer is a leading cybersecurity whistleblower attorney and has helped whistleblowers disclose significant wrongdoing concerning cybersecurity, information security, and data privacy.  He has also written extensively about protections for cybersecurity whistleblowers, including the following publications:

Dallas Hammer was interviewed by Corporate Crime Reporter regarding the rise of cybersecurity whistleblowing.

Hammer explained that raising concerns about cybersecurity issues qualifies for protection under the Sarbanes-Oxley whistleblower law: He cited as an example the Prioleau whistleblower case: “That case is about an employee who raised cybersecurity concerns about two policies that contradicted each other. He raised those through his chain of command. He was ignored and experienced retaliation. The question was whether blowing the whistle on these cybersecurity issues qualified for protection under the Sarbanes Oxley Act, which was originally passed with more of a focus on corporate and audit fraud. The Administrative Review Board of the Department of Labor found that such a disclosure was in fact protected.”

In the article, Hammer also discusses his substantial experience representing whistleblowers that have disclosed cybersecurity vulnerabilities and weaknesses in information technology internal controls.  He noted that cybersecurity whistleblowers that he represented have disclosed important compliance issues in many industries: “What we have seen in other contexts — for example, fraud on the government in general — is that when people start to listen to whistleblowers, it does help fix the problem. It brings a new set of eyes — eyes that are in a position to know things that outside regulators do not know, that the public at large does not know. It helps fix the problem.”



We are a Washington, DC-based law firm that represents whistleblowers in whistleblower rewards and whistleblower retaliation matters and litigates discrimination claims on behalf of employees in the District of Columbia, Maryland, and Virginia. The firm is dedicated to zealously advocating on behalf of our clients to achieve justice and accountability.

  • Professionalism
  • Honesty
  • Perseverance
User Review
5 (1 vote)


One Response

  1. anonymous February 11, 2020

Hello and welcome to Zuckerman Law.

For a free and confidential review of your claim, please contact the Director of Zuckerman Law’s Whistleblower Rewards Practice, Matthew Stock, at [email protected] or (202) 930-5901.