Cyber liability: A growing concern for CPA firms
Did you know that one out of five cyber attacks hits a business with 250 or fewer employees?
We all watch the nightly news, and many of us think, “No one would target me or my business for a cyber attack; it isn’t worth their time,” but that simply isn’t the case. Considering that roughly 60 percent of small businesses close within six months of a cyber crime, everyone needs to be aware and concerned.
CPAs are among the prime targets for cyber criminals. Obtaining your clients’ tax returns, Social Security numbers, employer ID numbers, financial statements, and other sensitive data is like hitting the lottery for a hacker. And breaches aren’t limited to people gaining access to your network from another location. Stolen or misplaced laptops, a rogue employee with access to client information, mail containing confidential information opened by someone other than the intended recipient – these are all examples of a privacy breach.
When a breach does happen, you have certain responsibilities, some of which are even required by law. They include:
- hiring forensic experts to identify the cause of the breach and the individuals affected;
- notifying all affected individuals and entities that there has been a breach;
- securing credit monitoring for affected clients and their employees;
- responding to any negative publicity that may come from a breach;
- working with regulators to comply with privacy laws; and
- reimbursing clients and non-clients for any network damage caused to them by the breach at your firm.
There is a lot of work to be done if your firm experiences a network or privacy breach. It also can be quite expensive; the average cost for a privacy breach is $188 per compromised record.
Is your firm prepared in the event this happens to you?
Years ago, before cyber crimes and privacy breaches became a hot topic, the AICPA Insurance Programs created a product to address this, based on meetings and conversations with CPA firms, and from the foresight of the insurance professionals within our program. That product – CPA NetProtect – has recently been enhanced and includes the following coverage for firms that purchase the endorsement that complements their Professional Liability coverage through the program:
- notification costs and credit monitoring fees for all affected parties;
- public relations assistance to help minimize harm to your reputation;
- legal expenses to negotiate with regulators to comply with privacy laws;
- forensic services to identify the cause of the breach and to “seal” the breach;
- damage caused by rogue employees; and
- privacy event coverage for owners, partners and employees of the firm (to protect your own personal data).
While our Professional Liability coverage covers claims from your clients for a cyber event, the CPA NetProtect coverage extends this to claims from non-clients and third parties, such as merchants, contractors, service providers, and others – anyone whose computer system and information may have been damaged by unauthorized use of your computer network.
Is your firm prepared in the event of a network breach? If there is any doubt, contact me at (801) 559-9559 or Richard.Bacher@aon.com and we can discuss the cyber liability and insurance needs of your firm.
Richard E. Bacher is a business development specialist with Aon.