The Crucial Role of Cybersecurity for Accounting Firms (AICPA)
Technology
November 20, 2023This is a thought leadership article from PrimeGlobal Global Strategic Partner AICPA, outlining the importance for accounting firms to protect their reputation and keep clients’ trust by putting safety first and investing in cyber insurance and cybersecurity infrastructure.
Access our Technology Insights hub to access similar tools and resources to help your firm adapt to current challenges and opportunities that face the accounting profession.

Cybercriminals often target small companies because they don’t have as many data security measures in place, leaving them open to attack. Because accounting firms deal with private financial data, small- to medium-sized accounting firms are attractive targets for hackers.
You can protect your firm’s reputation and keep your clients’ trust by putting safety first and investing in cyber insurance and cybersecurity infrastructure.
Ensure your company’s private data is safe and losses are kept to a minimum by asking the right questions about your cybersecurity needs, types of cyberattacks, coverage limits and what happens if you don’t follow the policy.
An added layer of protection and financial support
When choosing a policy, make sure it meets your firm's specific needs. Speaking with your IT department presents an opportunity to understand the necessary measures to protect against data breaches, enhance your cybersecurity and relay that information to insurance providers for better protection with a tailored policy.
In the Tax Section Odyssey podcast episode “Understanding cybersecurity insurance (and why you need it),” Rudy Rudolf, executive AICPA Risk Advisor at AON, shared what small- to medium-sized accounting firms should expect when filling out applications for cyber insurance.
“Filling out an application [is similar] to a little checklist helping the firm think of things they want to implement...or even just how they generally deal with their internal networks and systems,” Rudolf said.
“Expect to answer mostly encryption [questions] and how things are protected within the networking system. Most people sometimes overthink encryption [as] an involved process when it’s [about] can someone you know off the street walk into your office and access information without providing any login credentials and password.”
Cybersecurity insurance is a crucial investment for accounting firms to protect themselves from lawsuits, heavy fines and expensive costs associated with data breaches and other hacks.
Accounting firms are often at risk of data breaches
Data breaches, where hackers gain unauthorized access and steal private client data such as personal information and financial records, are one of the most common types of hacks that accounting companies deal with.
“Since the [COVID-19] pandemic, the biggest [threat] on the rise has been ransomware attacks, which fall under the malware umbrella. It’s basically hacking into accounting firms’ networks and data and holding that information ransom until they pay a specified amount,” Rudolf explained.
“A lot of accounting firms think that they’re too small to come under a cyberattack...so they don’t have the security measures in place. But it’s reported that 30% of all cyberattacks are focused on attacking small businesses because of that lack of cybersecurity measures.”
Making cybersecurity a top priority can help keep your firm safe from ransomware threats. A data breach is less likely if you use strong firewalls, encryption methods and regular security checks.
Policies may not cover all cyber threats
Cyber insurance can provide financial support after a data breach or cyberattack, but it may not cover everything. Email phishing is a social engineering attack that is hard for cyber insurance policies to cover because there is no data security breach. Instead, the hacker uses a real email address that looks very much like a business email.
“[What] we’ve actually been dealing with for the past few years has been social engineering...when someone using [an] email address made to look like either a bank or one of the accounting firms’ emails,” said Rudolf. “If [hackers] pose as a bank, they’ll email the firm. If they pose as the firm, they’ll email the client saying, ‘Hey, you didn’t send this amount of money or payment for the services...send payment to [this] account.’”
According to Rudolf, specific endorsement cyber policies may offer coverage for phishing scams. Firms can also investigate separate crime-coverage policies for extra safety.
Failure to comply with policy may result in reduction or denial of coverage
Ignoring your cybersecurity policy can reduce coverage or result in claims for data breaches being denied.
“Usually, [providers] have either guides or basic security measures that they send over [and] expect their firms to have implemented to ensure that they can provide coverage. If you don’t meet or don’t have any of those standards in place, they could potentially deny coverage,” Rudolf said.
Policyholders must meet eligibility standards their insurance companies set for their coverage to stay current. To successfully reduce these risks, put cybersecurity measures at the top of your firm’s list of priorities and stay up to date on best practices.