Accountants and cyber: What’s the number one threat?

Aon Affinity reveal the cyber exposures for accountants and tax preparers, and what brokers need to know

Accountants and cyber: What’s the number one threat?

Cyber

By Lucy Hook

We all know that the tax deadline is looming – but a more sinister threat may be on the horizon for accountants and tax preparers.

Cyber-crime is rising globally, but accountancy firms in particular are seeing a rise in phishing scam attempts, according to an IRS annual list which listed phishing as the number one cyber threat affecting tax preparers.

“[Accountancy] firms are increasingly a target for their information… and it doesn’t matter what size firm they are,” Gretchen McCole, vice president at Aon Affinity, Professional Firms told Insurance Business.

But despite the risks, many clients from the accounting world – who handle volumes of other people’s sensitive and private information – are still misinformed when it comes to their exposures around cyber, McCole said.

“Firstly, data placed in the firm’s care, custody and control is the firm’s responsibility – regardless of where it’s stored,” McCole explained, and this includes both client data and the firm’s own personnel data.

Many clients mistakenly believe that if they have used a file provider, the liability is transferred to them, McCole explained, when in fact they remain responsible.

Identifying what a breach is, and when one might have occurred, is also a challenge.

“When it comes to cyber, a breach is really just a potential exposure of privacy. Nothing even has to have happened with the data,” McCole said, adding that a simple loss of a laptop is enough to be considered a breach.

A lack of standardisation across cyber risks and solutions, plus a lack of guidance on what steps firms should take if they experience a breach, mean it’s a confusing landscape for the customer, she explained.

Want the latest insurance industry news first? Sign up for our completely free newsletter service now.

“There are lots of gaps, its time-consuming and it changes on a very regular basis – month to month things can be very different,” McCole said, adding that firms need an expert to help them navigate the more complex areas.

“I really don’t think [certified public accountants] are aware of some of the dangers they could face,” Robert Albertini, account executive at Aon Affinity, said, adding that some firms do not even adopt email encryption – critical to protecting information.

Accountancy firms are “great targets” for phishing, hacking and malware expeditions, he said, which can not only lead to the exposure of personally identifiable information but can cause significant down-time for a business.

The good news for brokers is that the risk averse nature of the accountancy industry means take-up of policies is high.

“Across the board they’re either adding cyber, in one way or another, to their overall risk transfer portfolio, or they’re in the process of discussing that with us to really understand their firm’s specific exposure and a tailored solution,” McCole said.

“It is and it’s continuing to be a big part of their budgeted insurance programme.”


Related stories:
Accountants’ insurance: What are the risks during tax season?
Top operational risks faced by companies revealed

Keep up with the latest news and events

Join our mailing list, it’s free!