Stresses the importance of strong cyber risk management and risk mitigation in a CPA firm’s fight against cybersecurity attacks.
by Irene M. Walton Sep 21, 2022, 15:41 PM
Insightful lessons can be learned by reviewing professional liability issues. With this in mind, Gallagher Affinity provides this column for your review. For more information about liability issues, contact Irene Walton at irene_walton@ajg.com.
Cybercrime and data breaches are now major threats for CPA firms and their leaders. Since 2018, the incidence of breaches that featured ransomware or extortion has increased more than 40%. Globally, cybersecurity breaches sparked business losses of $1.5 trillion per year and hits to revenue of up to 25%.1
In 2021, a record number of ransomware attacks – when hackers encrypt computers and data until a ransom is paid – affected businesses of all types and sizes. The damages from these attacks will likely become more severe as ransom amounts increase. Ransoms grew from $7,000 in 2018 to $200,000 in 2020.2
Ransomware is just one piece of the accounting industry’s cybervulnerability. Accounting leaders must plan for, and mitigate, the first- and third-party financial impacts of cybercrime and insider-precipitated data breaches. These costs can be immense. According to Ponemon Institute’s 2020 Cost of a Data Breach Report,3 the average cost of a U.S. data breach was $3.86 million. This included lost business averaging $1.52 million. Even if your losses are a fraction of these amounts, they can still be the difference between booking a profit or loss at the end of the year.
A defense against cyberattacks can have dozens of elements. But before building your defense, first create an overarching strategy for keeping your firm safe. Experts say this involves building an enterprise cyber-risk-management program consisting of risk assessment, risk mitigation, and risk monitoring.
Even though all three elements are essential parts of a cyber-risk-management program, mitigation is where your firm’s ability to defend itself will succeed or fail.
As you might imagine, risk mitigation is a multifaceted endeavor. Here are some of the major defenses you should put in place at your firm:
At the end of the day, CPA firms will operate in an increasingly dangerous cyberenvironment. Only those that do the necessary planning stand a chance against increasingly skilled cybercriminals.
1 Malia Politzer, “Top Cyberthreats Targeting Accounting Firms,” CPA Insider, AICPA (March 16, 2020).
2 Isaac Kohen, “3 Cybersecurity Trends CPAs Must Address This Tax Season,” CPA Practice Advisor (Jan. 31, 2022).
3 www.ibm.com/security/digital-assets/cost-data-breach-report/1Cost%20of%20a%20Data%20Breach%20Report%202020.pdf
4 www.verizon.com/business/resources/reports/dbir