[IMGCAP(1)]Cyber liability has moved to the forefront of hazards facing the CPA profession, according to industry experts.

“We’ve had the whole gamut of losses in the cyber area, including stolen or lost laptops that contained confidential client information,” said Bill Thompson, president of CPA Mutual. And CPAs are prime targets for hackers, he indicated.

“We’ve had firms that have been hacked with ransomware and had to pay a ransom in order to get back access into their system,” he said. “I don’t think that most CPAs are truly aware of the danger they face every single minute their servers are not protected properly, and they don’t have password encrypted email service. If you were a thief and wanted financial information, who is better than CPA firms?”

There has been a great deal of buzz about a variety of new enhancements being promoted by various insurance companies, according to Rickard Jorgensen, president and chief underwriting officer at Jorgensen & Company, a professional liability and risk management consulting firm.

“Many of these new coverage features are a great leap in the right direction to provide affirmative coverage for CPAs and liability arising from web-based activities, hacking attacks or loss or theft of client-sensitive data,” he said. “Many insurers have offered legal liability from electronic media perils or client identity theft for a number of years. Coverage for breach notification and client credit record monitoring—often described as first party coverage—is also a usual part of the coverage, and limits of up to $50,000 in costs are available.”

Certain specialist professional liability agents have also made available to clients a specific cyber policy that can expand the range of coverage to include damage to network assets, cyber terrorism and cyber extortion, according to Jorgensen. “For the average CPA, the most important additional coverage may be coverage for the expenses and monies resulting from cyber extortion,” he said.

Cyber extortion occurs when a hacker breaks into a CPA’s computer network and installs a malicious computer code commonly known as ransomware. A threat is then made by the hacker that demands the CPA pay money or the hacker will release, divulge, disseminate, destroy or use the client’s confidential information, or alternatively restrict access to the CPA’s computer system.

Jorgensen cited an episode of “The Good Wife” in which an overseas hacker attempted to blackmail a law firm into paying a ransom. “The firm was able to prevail and catch the bad guys, but invariably this does not happen,” he said.

Most professional liability policies don’t provide coverage for cyber extortion, according to Jorgensen. “It is a new and evolving coverage concept and insurers have yet to fully understand how to underwrite this risk. This is an innovative coverage feature of a professional liability policy.”

Cyber liability is an area that tax preparers need to explore further with their insurers, according to both Thompson and Jorgensen.