Today’s world is more connected than ever before. And yet, with all the advantages of modern technology, the cyber threats that CPA firms face have never been greater.
This dire warning from PC Magazine, a leading authority on all things technology-related, should serve as a wake-up call for every business owner. “The internet is a dangerous place [and] security isn't getting any easier.”
Today’s digital landscape is rampant with phishing scams, all kinds of malware, brute-force botnets that infect internet-connected devices with viruses that allow hackers to control them, and countless other devious hacks. In addition, cybercriminals are getting smarter by the day. The growing sophistication of these bad actors is readily demonstrated by their increasing use of artificial intelligence (AI) and machine learning (ML) to more effectively target businesses and individuals.
In recent years, data breaches and other cybercrimes have resulted in significant fines and legal fees for major companies such as Capital One, Equifax, Marriott and The Home Depot, as well as for companies that other businesses rely on like Adobe, Dropbox, LinkedIn and Zoom. But it's not just large organizations that are susceptible. According to Insurance Journal, 55% of small businesses have experienced a data breach and 53% have had multiple breaches.
The damages from these data breaches go far beyond the impact to a company’s computer system. There are also financial repercussions, harm to the company’s reputation, and the risk to its customers’ and/or employees’ personal information. That's why cybersecurity insurance can be a smart decision for any size business.
The role of cybersecurity insurance
Traditional commercial general liability and property insurance policies have typically excluded cyber risks from their terms, leading to the emergence of cybersecurity insurance as a “stand alone” line of coverage, explains the Cybersecurity and Infrastructure Security Agency (CISA). Also referred to as cyber risk insurance or cyber liability insurance coverage, cybersecurity insurance provides protection against a wide range of cyber incident losses that businesses may suffer directly or cause to others, including: costs arising from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud and privacy violations.
For companies that store financial, personal health or other client data, a comprehensive cybersecurity insurance policy is a must. The following are some common reimbursable expenses compiled by CSO Magazine:
- Investigation: A forensics investigation is necessary to determine what occurred, how to repair the damage and how to prevent the same type of breach from occurring in the future. Investigations may involve the services of a third-party security firm, as well as coordination with law enforcement and the FBI.
- Business losses: A cyber insurance policy may include items similar to those covered by an errors & omissions policy (errors due to negligence and other reasons), as well as monetary losses from network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage.
- Privacy and notification: This includes data breach notifications to customers and other affected parties, and credit monitoring for customers whose information was or may have been breached.
All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted security breach notification laws that require businesses or governments to notify consumers or citizens if their personal information is breached, according to the National Conference of State Legislatures. And, even though most states don’t require companies to offer free credit monitoring following a breach, the educational nonprofit National Cyber Exchange suggests that such a gesture goes a long way with public relations.
- Lawsuits and extortion: This includes legal expenses associated with the release of confidential information and intellectual property, legal settlements and regulatory fines. This may also include the costs of cyber extortion, such as from ransomware.
Is cybersecurity insurance enough?
Businesses across all sectors are beginning to recognize the importance of cyber insurance in today’s increasingly complex and high-risk digital landscape, with about one-third of U.S. companies currently purchasing some type of cyber insurance, according to PricewaterhouseCoopers (PWC).
But is that enough? The answer is no. While cyber insurance can provide financial protections should a data breach or other significant security event occur, it should never be seen as a panacea.
CPA firms need to ensure they have the right IT infrastructure in place to perform at the highest level of security necessary to maintain business continuity and minimize the risks of a data breach, ransomware and other cyberattacks. Optimally, a fully-managed cloud hosting service can meet this need and more, including providing a reliable and remote connection to a firm’s IT infrastructure and data, a must-have for today’s mobile and remote workforce.
The world entered a heightened era of cyberattacks in 2020 and the financial consequences have been profound, with the Harvard Business Review reporting that ransom amounts have skyrocketed from five figures to millions, including $10 million reportedly paid by Garmin.
The need for CPA firms to implement an effective cybersecurity risk management plan has never been more important. In addition to investing in a secure IT infrastructure to protect critical data and assets from emerging cyber threats and providing rigorous cybersecurity training for employees, cybersecurity insurance should also be an integral component of that plan. Think of it as a professional fail-safe should a cyberattack occur, resulting in potentially crippling costs to restore your business, deal with client lawsuits, repair your damaged reputation and cover other business losses.
Returning to the question about whether or not cybersecurity insurance is worth it: it's all about peace of mind, and the goal should be never having to file a claim against it.
As an endorsed program of the FICPA, Coaxis offers special member pricing for its CPA program package. To learn more, visit www.coaxiscloud.com/ficpa or contact Lisa Bryant, executive vice president of corporate development, at (850) 391-1022 or firstname.lastname@example.org.