This is the archive of CPA Now blogs posted on the PICPA website through April 30, 2025. Want more recent blogs?
Cyber-Related Insurance Claims on the Rise among CPAs: Are You Prepared?
Cybercriminals are becoming more sophisticated, and insurance claims related to their acts are on the rise. This blog will focus on some of the types of claims rising within the CPA profession.
By John Raspante, CPA, CDFA
Cybercriminals are becoming more sophisticated, and insurance claims related to their acts are on the rise. This is becoming a real concern in many industries. As such, the cost of cyberliability insurance is escalating. Much has been written about the growing liability among companies from cyberattacks, but this blog will focus on some of the claims rising within the CPA profession specifically.
Here is a quick glance at where insurance claims are coming from regarding technology and data issues:
- Hard drives held for ransom
- Lost or misplaced portable devices
- Email hacks that penetrate the network
- Juice jacking
- Document destruction
Hard Drives Held for Ransom
This is probably the most common type of claim today. These claims are common in almost every profession and industry, and CPAs are not the exception. The average size of these types of claims among CPA firms is in the $25,000 range. However, having your hard drive frozen and held for ransom also results in the associated cost of the business interruption. This cost can’t be overlooked. Criminals typically come out aggressively during tax season and close to critical filing dates. In addition to the above, the chaos and confusion that comes with the process of unlocking the freeze cannot be over emphasized.
Lost or Misplaced Portable Devices
Lost and stolen devices have been an issue for the profession for years. Human error can always occur, but with the multitude of portable devices being used by firms and their employees, the threat has only grown. CPA firms need to be viligent and proactive regarding the notification laws in the states in which they operate. Should a device disappear that had client data on it, failure to properly notify impacted clients can result in significant penalties and fines.
Email Hacks that Penetrate the Network
Hackers and cybercriminals have become adept at fooling employees worldwide into unknowingly exposing networks to their nefarious aims. Strong passwords, dual authentication, pass phrases, and the regular changing of passwords will help reduce these types of infiltrations. Further, studying each mail and not clicking or suspicious email links are a best practice that all firms should emphasize.
Juice Jacking
Danger lies within airport charging ports and public docking stations! With the country slowing getting back to normal, juice jacking – the use of public USB power ports to steal data or install malware – is on the rise. Carrying your own charging cord and AC adapter can help you avoid public charging ports and docking stations so you don’t become a victim of juice jacking.
Document Destruction
While the emphasis in this blog has been on cyberthreats, don’t overlook the physical process of destroying hard documents and various office equipment with memory so important data is not lifted. Equally important, inform clients of your document destruction policy and for how long you maintain records. Perhaps you could include a file retention caveat within the engagement letter.
The specific areas of concern may change from year to year, but the basics of cybersecurity are constant: be vigilant in protecting client data, familiarize staff with the breach notification laws, and consider transferring risk by securing cyberliability insurance.
John Raspante, CPA, CDFA, is director of risk management at McGowan Pro in the New York metropolitan area. He can be reached at jraspante@mcgowanprofessional.com.
Sign up for weekly professional and technical updates from PICPA's blogs, podcasts, and discussion board topics by completing this form.
