In our experience, Government contractors do not have too much to be concerned about. Government employees are trained and instructed to protect all contractor data - regardless of whether the data contains protective markings. Data provided to auditors for example, get bound into folders and stuffed into filing cabinets for a few years, then boxed and sent to a Federal Records Center for a few more years, then destroyed. There is very little risk that contractor proprietary data will get into the wrong hands. There is less risk that if the information should leak out, it would irreparably harm the contractor.
There was one case many years ago where Congress requested contractor proprietary information from Defense Contract Management Agency (DCMA) that was subsequently publicized in a Congressional hearing. The contractor protested loudly and for a long time afterward, there was a lot of mistrust whenever DCAA or DCMA requested proprietary information necessary to perform its work.
Anyone who releases proprietary information to an unauthorized party, risks fines and jail time. The law pertaining to unauthorized disclosure of contractor information, and penalties for violation thereof, is contained in 18 USC 1905:
Whoever, being an office or employee of the United States or of any department or agency thereof, any person acting on behalf of the Office of Federal Housing Enterprise Oversight, or agent of the Department of Justice as defined in the Antitrust Civil Process Act, or being an employee of a private sector organization who is or was assigned to an agency under chapter 37 of title 5, publishes, divulges, discloses, or makes know in any manner or to any extent not authorized by law any information coming to him in the course of his employment or official duties or by reason af any examination or investigation made by, or return, report or record made to or filed with, such department or agency or officer or employee thereof, which information concerns or relates to the trade secrets, processes, operations, style of work, or apparatus, or to the identity, confidential statistical data, amount or source of any income, profits, losses or expenditures of any person, firm, partnership, corporation, or association; or permits any income return or copy thereof or any book containing any abstract or particulars thereof to be seen or examined by any person except as provided by law, shall be fined under this title, or imprisoned not more than one year, or both; and shall be removed from office or employment.One last thing. Contractors who object to providing routinely requested information will sometimes pique an auditor's curiosity. Auditors might wonder what the contractor is trying to hide and they'll dig a little deeper than they might otherwise have. That's called "risk assessment".