This post is co-authored by Tamara Jack of LMI Government Consulting.

Federal government contractors, especially those in the manufacturing sector, continue to experience the economic impact of budget cuts, decreased federal spending, and increased regulatory requirements. Nonetheless, the federal government continues to be one of the largest consumers in the country, spending more than $500 billion annually on procuring goods and services. Below we have summarized the key trends in government contracting in the areas of cybersecurity and privacy, mergers and acquisitions, and bid protests from 2014 and how they are likely to impact government contractors in 2015.

Cybersecurity and Privacy

In 2014, we saw a number of high-profile cyber-attacks that resulted in data, personal records and financial information stolen and sold in a matter of days. Given that there is no sign of these hacks slowing down in 2015, cybersecurity and privacy are a top priority for all industries in the U.S., as well as the government and it contractors. Privacy and security are critical to every aspect of business operations. As businesses become more data dependent and data focused, data breaches become more publicized and compliance becomes more regulated.

For government contractors, and especially defense contractors, this means compliance with five new laws that were signed in December 2014, new Executive Orders expected in early calendar year 2015 related to information sharing, and compliance with the DFARS “Safeguarding” Rule, DOD Information Assurance Certification and Accreditation Process (DIACAP), and the Federal Risk and Authorization Management Program (FedRAMP). Aftermath of a data breach could lead to cure notices, adverse past performance, and possibly civil False Claims Act (FCA) implications, as well as reputational risk and responsibility issues which could lead to loss of awards.

So, for 2015, government contractors should focus on cybersecurity compliance and risk management. The keys to success are involving all relevant stakeholders across your company in this process, taking a proactive approach by identifying and mitigating risks where possible, keeping the dialogue open within the C-suite and the management team. We recommend that you start the year off by conducting an audit of your systems and data, understanding the data you have, assessing your processes for protecting data, and identifying what access controls are in place. It is equally important to review and refresh internal policies and procedures on data security and privacy, as well communicate with and train company personnel. Further, you should review the requirements in your contracts and other agreements with regard to data security, and flow-down relevant requirements to subcontractors and other vendors. Finally, companies should prepare an incident response plan, so that if there is a cybersecurity attack, you have a plan for how to immediately respond.

Mergers and Acquisitions (M&A)

Based on trends from 2014, the government contracting M&A market in 2015 is likely to see an increase in M&A activity in targeted markets, such as cybersecurity, cloud computing, and healthcare IT, particularly in response to the additional regulatory requirements in this area, as noted above. We also expect to continue to see large businesses acquire small businesses with lucrative long-term contracts. Buyers, however, need to be aware of the small business contracting rules, whether the acquisition will cause the small business to become a large business and, if so, how that will impact the small business’s current contracts and its opportunities for future contracts.

If the successor-in-interest no longer qualifies as a small business after the acquisition, it will not be eligible to compete for prime contracts that are set aside for small businesses. The new company can complete its performance of existing small business set-aside contracts, but the government will not be permitted to count any options exercised, modifications issued, or additional orders issued to the contractor under such contracts towards the government’s small business contracting goals. Also, if the contractor’s customers relied on purchases from the small business contractor to satisfy their small business subcontracting goals under their small business subcontracting plans with the government, the contractor’s customers will no longer be able to count purchases from the successor-in-interest towards their small business subcontracting goals. Furthermore, there are some requirements from which small business concerns are exempt that the successor-in-interest could potentially be exposed to after the acquisition, such as:

  • The federal government’s Cost Accounting Standards (CAS);
  • Creating and adhering to a small business subcontracting plan; and
  • Implementing a business ethics awareness and compliance program and a robust internal control system.

All of these factors should be considered in assessing the valuation of the target.

Bid Protests

In 2014, the number of bid protests filed at GAO rose 5% from 2013 with 2,561 cases filed. GAO’s sustain rate dropped from 17% in 2013 to 13% in 2014. GAO’s overall “effectiveness rate,” however, remained consistent at 43% of all protests closed during the fiscal year, which includes the protester receiving some form of relief from the agency as a result of voluntary corrective action or GAO sustaining the protest.

These figures are consistent with past trends, in which a decrease in federal spending leads to increased competition for awards, more bid protests, and delayed contract awards. The Court of Federal Claims’ willingness during the last few years to revisit protests denied by GAO and, thus, effectively add an appellate process for an unsuccessful protester, served to further delay contract awards. In particular, high-dollar, long-term awards continue to be vigorously protested and upcoming procurements for large programs are likely no exception. In 2015, offerors should anticipate and be prepared for protests in these large procurements by:

  • raising solicitation defects prior to submitting a proposal;
  • ensuring that proposals satisfy all requirements of the solicitation; and
  • if excluded from the competition or notified that another entity received the contract, requesting timely debriefings to identify potential protest grounds.