Survey: Most Tax Pros Lack Knowledge about Cyberattacks | AccountingWEB

Survey: Most Tax Pros Lack Knowledge about Cyberattacks

By Jason Bramwell
When it comes to risks associated with cyber incidents, a majority of tax professionals do not have a firm grasp of what it takes to prevent attacks on their data, according to a new survey from the Travelers Companies Inc.
Of the 633 tax professionals polled at the National Association of Tax Professionals (NATP) annual conference in Phoenix last month, only 36 percent said they were very familiar with the risks associated with cyberattacks, such as computer viruses, data theft, and identity theft. More than half (51 percent) said they were somewhat familiar, 10 percent were not very familiar, and 3 percent were not familiar at all with cyber risks. 
Only 15 percent of tax professionals surveyed reported that their firm had purchased a cyber liability insurance policy or coverage. Fifty-five percent said their company did not have such a policy, while 30 percent were not sure. 
Do the businesses where these tax experts work have a written business continuity or disaster recovery plan? More than half (52 percent) of the tax professionals polled responded "no," with 33 percent indicating "yes." Fifteen percent didn't know. 
"Tax professionals need to prepare to withstand an unexpected event given the sensitive data they work with on a daily basis," Marc Schmittlein, Travelers executive vice president, who oversees the company's small business unit, said in a written statement. "It is increasingly important to have a written business continuity plan in place to identify and mitigate potential threats to a business."
Jeffrey Stark, CPA, audit partner at CPA and business advisory firm Sensiba San Filippo LLP, who is also a cyber risk expert, told AccountingWEB the size of the accounting firm will likely dictate whether it has implemented measures to protect itself and its clients against cyberattacks.
"A lot of times small mom-and-pop firms – with one, two, or three people in the office doing tax returns – have very limited use of computers and computer technology, so it would not be surprising at all if this would skew the [Travelers survey] results one way," he said. "Midsized and larger firms will have a much better grasp on this stuff.  However, this industry has been evolving from a paper world over the past five to ten years, and a lot of firms are still struggling with that challenge."

Other Key Survey Findings

  • Forty percent of the tax professionals surveyed said computer viruses, theft of customer information, business interruptions, and intellectual property theft were the cyber incidents they were most concerned about. Theft of customer information (30 percent) and computer viruses (20 percent) were the top two concerns. 
  • Of the tax experts polled, 45 percent said they were somewhat confident their firm had adequate insurance coverage to protect against cybercrimes. One-fourth (25 percent) said they were not very confident, 20 percent were very confident, and 11 percent were not confident at all. 
  • In terms of their company having adequate insurance coverage to protect against insurable risks that can result in significant financial losses or cause the company to go out of business, 40 percent of tax professionals said they were somewhat confident, 36 percent were very confident, 18 percent were not very confident, and 6 percent were not confident at all.
According to Stark, many firms are struggling with this transition because they might not have the right leadership structure or personnel in place to implement safeguards to prevent cyberattacks.
"Many of these firms are partnerships where a partner has his or her own client base," Stark said. "The strategic investment in IT and the strategic investment that it is going to take in making these decisions require changing processes internally. If you have separate partners sharing resources – whether it is a building or maybe some admins – it makes it a lot more difficult than a firm that has a corporate leadership structure.
"It is also really difficult to find people who can help firms [become more secure]," he continued. "It is a technical issue, it is a business process issue, you have to find the right applications, you have to find the right team, and you will have to retrain your employees. These employees are focused on difficult technical issues related to the tax code. At the same time, they will have to learn all of this new technology related to Internet connectivity and so forth. It is a big challenge. The firms that have a technical person and a business process person who are aligned to get these initiatives pushed through are the ones that will be more advanced than the firms that do not have those people."
AccountingWEB Readers  Join the Discussion:
  • What cyber incidents concern your firm the most?
  • What steps has your business taken to prevent cyberattacks from occurring?
Please share your thoughts in the comments section below.
About this survey:
Travelers Companies Inc. conducted a survey of 633 tax professionals on-site at the NATP annual conference from July 8 to 11 in Phoenix. The results are intended to represent those tax professionals in attendance.
Related articles:
Wait, there's more!
There's always more at AccountingWEB. We're an active community of financial professionals and journalists who strive to bring you valuable content every day. If you'd like, let us know your interests and we'll send you a few articles every week either in taxation, practice excellence, or just our most popular stories from that week. It's free to sign up and to be a part of our community.
Premium content is currently locked

Editor's Choice

As part of our continued effort to provide valuable resources and insight to our subscribers, we're conducting this brief survey to learn more about your personal experiences in the accounting profession. We will be giving away five $50 Amazon gift cards, and a $250 Amazon gift card to one lucky participant.
This is strictly for internal use and data will not be sold
or shared with any third parties.