Data breaches and other types of cybercrime are a real and alarming issue accounting firms of all sizes face. To help alleviate the risk of potentially crippling damages, cyber liability insurance should be considered.
By Lauren Pitonyak
Cybercriminals and hackers constantly seek new modes of illicit access to valuable information and finances. With the proliferation of generative artificial intelligence (AI), it has become easier than ever for hackers of all skill levels to increase the scope, speed, and complexity of their attacks.
According to the International Monetary Fund, almost one-fifth of reported cyber incidents in the past 20 years have affected the financial sector.1 Financial firms have reported significant direct losses, totaling nearly $12 billion since 2004, with $2.5 billion alone since 2020. You and your clients face this growing risk every day.
Your clients’ finances are a valuable commodity to cyberthieves. One hacking event could jeopardize their future and your professional reputation. With financial industry average breach costs totaling more than $6.08 million in 2024,2 how you handle a hacking event can be the difference between weathering a cyberattack and shuttering your doors for good.
Data breaches and other types of cybercrimes are an issue financial and accounting firms of all sizes must face. Gallagher Affinity believes cyber liability insurance can help your business and clients manage the uncertainty of the digital age.
Cyber liability insurance covers your firm’s liability for a data breach or hacking event involving sensitive customer information, also known as personally identifiable information (PII). This can include Social Security numbers, credit card and banking information, and driver’s license numbers.
We all know the devastation that can be wrought when a criminal gains access to banking credentials, but even basic information in the wrong hands can have severe consequences. A breach of your clients’ names, addresses, phone numbers, and email accounts can make them vulnerable to stolen identities and targeted phishing schemes.3
Cyber liability insurance isn’t required for CPAs, but it makes good business sense. There’s a reason major custodians such as Charles Schwab and Fidelity Institutional require registered investment advisers (RIAs) to show proof of coverage to do business with them: the risk of a cyberattack simply isn’t going away.
A comprehensive cyber policy will insulate your firm against the significant costs associated with a data breach. Remediation expenses have surged and can take a considerable chunk of your firm’s bottom line if you’re not properly prepared.
Let’s start with first-party expenses. These are the costs you incur immediately following a data breach, such as hiring forensic IT experts to identify the cause of the attack and professionals to repair your systems. In a comprehensive policy, you’ll receive assistance with these costs. Here are a few more expenses that may be covered:
Other expenses often follow a breach, many of which are related to claims filed by unhappy clients. A cyber policy can help with the following:
As cybercrime and hacking events continue to rise, more carriers are offering cyber liability insurance outright or blending portions of this coverage into other applicable policies, such as accountant professional liability insurance.
While blended or bundled coverage offers convenience and cost savings, these policies might not sufficiently address your firm’s unique risk. Additionally, opting for a combo policy can lead to frustration if you experience both a liability claim and hacking event in the same year. In such cases, you might find yourself having exhausted your policy limit, requiring your firm to foot the rest of the bill for one or the other.
Instead, follow the advice of the FTC and work with a trusted insurance expert to determine your coverage needs before you secure coverage for the greatest peace of mind.
1 The Last Mile: Financial Vulnerabilities and Risks, International Monetary Fund (April 2024).
2 Cost of a Data Breach Report 2024, IBM and Ponemon Institute.
3 Sabrina McClune, “7 Things a Cyber Criminal Could Do with Your Data,” Beyond Encryption (April 7, 2024).
4 Charles Pippert, “What Is Cyber Extortion,” Gallagher.
5 Consumer Sentinel Network: Data Book 2023, Federal Trade Commission (February 2024).
6 The Ultimate Guide to Data Breach Laws by State, Embroker (Feb. 20, 2024).
7 California Consumer Privacy Act (CCPA), State of California Department of Justice (March 13, 2024).
8 PCI DSS Quick Reference Guide, PCI Security Standards Council (July 2018).
Lauren Pitonyak is an account executive with Gallagher Affinity in Mount Laurel, N.J. She can be reached at lauren_pitonyak@ajg.com.
Gallagher Affinity is a PICPA Premier Platinum Partner that offers cyber liability insurance.
The information contained herein is offered as insurance industry insight, and is provided as an overview of current market risks and available coverages. It is intended for discussion purposes only. This column is not intended to offer legal advice or client-specific risk management advice, and any description of insurance coverages is not meant to interpret specific coverages your company may already have in place or that may be generally available. Actual insurance policies must always be consulted for full coverage details and analysis.
Sign up for PICPA's weekly professional and technical updates by completing this form.
Statements of fact and opinion are the authors’ responsibility alone and do not imply an opinion on the part of the PICPA's officers or members. The information contained herein does not constitute accounting, legal, or professional advice. For actionable advice, you must engage or consult with a qualified professional.
Statements of fact and opinion are the authors’ responsibility alone and do not imply an opinion on the part of PICPA officers or members. The information contained in herein does not constitute accounting, legal, or professional advice. For professional advice, please engage or consult a qualified professional.