Agreed. The government doesn’t mandate disclosure of cybersecurity incidents in contract bidding. If a company has weak security and has data regularly stolen, they can bid on new contracts and obtain them without having to disclose their various incidents. Not good.