Cybercrime has been on the rise over the past 18 months, impacting businesses of all sizes and industries, including accounting firms. And unfortunately, the cost of dealing with a cyberattack could ruin a business. For example, according to IBM, recovering from a data breach costs businesses an average of $4.24 million.
Accounting firms are particularly vulnerable to cybercrime due to the amount of personally identifiable information they keep on file. In fact, according to Verizon’s 2020 Data Breach Investigations Report, there were 3,950 confirmed data breaches in 2020 alone, and of those, personal data was accessed in nearly 60% of the breaches that occurred.
Common cyberattacks that can impact an accounting firm are:
- Data breaches;
- Ransomware;
- Malware;
- Phishing;
- Business email compromise; and,
- Corporate account takeover.
Cyber-insurance protection
This rise in cybercrime has prompted an increased awareness of and interest in cyber-insurance. This type of insurance policy protects businesses from various technology-related risks. It offers coverage to help businesses prepare for, respond to and recover financially from cyberattacks.
Different cyber-insurance products provide coverage for different types of cyberattacks. For example, providers may offer both cyber-liability insurance and data breach insurance as two separate policies.
Depending on your policy or policies), cyber-insurance can help alleviate costs related to:
- Business disruption/downtime;
- Revenue loss;
- Equipment damages;
- Legal fees;
- Public relations expenses;
- Forensic analysis;
- Fees and fines associated with legally mandated notifications; and,
- Customer turnover.
A hardening cyber-insurance market
While more and more business leaders are becoming interested in securing cyber-insurance coverage, it isn’t as easy to get as it once was.
The rise in ransomware attacks over the past year has led more organizations to seek cyber-insurance. Ransomware insurance claims rose 35% in 2020, with the surge continuing in 2021. Insurance companies have taken note of this crime wave, and some are now denying applicants, raising rates and limiting coverage.
Insurance policies and payouts hinge on whether your firm follows IT best practices in cybersecurity. As the cyber-insurance market hardens, insurers are looking for clients with security controls that meet higher standards. That means the more your accounting firm can implement cybersecurity best practices, the more likely it will be to get insurance coverage and/or more favorable rates.
IT best practices
Cybercriminals can infiltrate a system through a variety of entry points. For the greatest level of protection, your managed service provider or in-house IT team should take an extensive, multilayered approach to cybersecurity.
Cybersecurity best practices — which will be asked about on applications for cyber-insurance — include:
- Next-generation firewall. This is a network security system that monitors and protects your network from malicious or unnecessary traffic. Next-generation firewalls offer deeper inspection capabilities than traditional firewalls and utilize advanced-protection subscription services for additional threat prevention.
- Email spam filtering. These programs detect and filter out malicious emails and secure critical business information.
- Virtual private network. This is a secure channel between the user’s computer and the office servers that protects against attackers infiltrating the system.
- Security information and event management. This kind of software enables organizations to detect incidents that may otherwise go undetected. This solution makes it easier for businesses to manage security by filtering massive amounts of security data and prioritizing the security alerts the software generates.
- Endpoint detection and response. This consolidates data across all endpoints to provide a full picture of potential cybersecurity threats. When businesses combine EDR with next-generation antivirus software, they can help prevent and detect even the most advanced, targeted attacks.
- Multifactor authentication. This authentication method goes beyond simply typing in a username and password. By requiring users to provide two or more verification factors, MFA helps to protect against attackers infiltrating a system or application by using compromised passwords. Insurance companies want to see MFA enabled on all admin-level accounts with privileged or high-level access.
- Advanced threat detection and advanced threat prevention. ATD detects malicious software that has bypassed other cybersecurity measures and infiltrated the system, while ATP identifies advanced malware threats before they enter a system. Both technologies are relevant across multiple security solutions, including next-generation firewalls and EDR software.
- Vulnerability scanning management tools. Monthly vulnerability scans could catch current and upcoming issues that need to be remediated to keep the network and devices secure. Also, conducting monthly IT activity reports that involves ensuring all machines, servers and products are up to date can mitigate potential cybersecurity risks.
Ironically, while cyber-insurance coverage is more critical for businesses than ever, it’s also becoming harder and harder to get. Thankfully, accounting firms that employ IT best practices to protect against cybercrime will have a better chance of getting covered than those that don’t.
