By Jason Bramwell
When it comes to risks associated with cyber incidents, a majority of tax professionals do not have a firm grasp of what it takes to prevent attacks on their data, according to a new survey from the Travelers Companies Inc.
Of the 633 tax professionals polled at the National Association of Tax Professionals (NATP) annual conference in Phoenix last month, only 36 percent said they were very familiar with the risks associated with cyberattacks, such as computer viruses, data theft, and identity theft. More than half (51 percent) said they were somewhat familiar, 10 percent were not very familiar, and 3 percent were not familiar at all with cyber risks.
Only 15 percent of tax professionals surveyed reported that their firm had purchased a cyber liability insurance policy or coverage. Fifty-five percent said their company did not have such a policy, while 30 percent were not sure.
Do the businesses where these tax experts work have a written business continuity or disaster recovery plan? More than half (52 percent) of the tax professionals polled responded "no", with 33 percent indicating "yes." Fifteen percent didn't know.
"Tax professionals need to prepare to withstand an unexpected event given the sensitive data they work with on a daily basis", Marc Schmittlein, Travelers executive vice president, who oversees the company's small business unit, said in a written statement. "It is increasingly important to have a written business continuity plan in place to identify and mitigate potential threats to a business."
Jeffrey Stark, CPA, audit partner at CPA and business advisory firm Sensiba San Filippo LLP, who is also a cyber risk expert, told AccountingWEB the size of the accounting firm will likely dictate whether it has implemented measures to protect itself and its clients against cyberattacks.
"A lot of times small mom-and-pop firms – with one, two, or three people in the office doing tax returns – have very limited use of computers and computer technology, so it would not be surprising at all if this would skew the [Travelers survey] results one way", he said. "Midsized and larger firms will have a much better grasp on this stuff. However, this industry has been evolving from a paper world over the past five to ten years, and a lot of firms are still struggling with that challenge."
According to Stark, many firms are struggling with this transition because they might not have the right leadership structure or personnel in place to implement safeguards to prevent cyberattacks.
"Many of these firms are partnerships where a partner has his or her own client base", Stark said. "The strategic investment in IT and the strategic investment that it is going to take in making these decisions require changing processes internally. If you have separate partners sharing resources – whether it is a building or maybe some admins – it makes it a lot more difficult than a firm that has a corporate leadership structure.
"It is also really difficult to find people who can help firms [become more secure]", he continued. "It is a technical issue, it is a business process issue, you have to find the right applications, you have to find the right team, and you will have to retrain your employees. These employees are focused on difficult technical issues related to the tax code. At the same time, they will have to learn all of this new technology related to Internet connectivity and so forth. It is a big challenge. The firms that have a technical person and a business process person who are aligned to get these initiatives pushed through are the ones that will be more advanced than the firms that do not have those people."
AccountingWEB Readers – Join the Discussion:
- What cyber incidents concern your firm the most?
- What steps has your business taken to prevent cyberattacks from occurring?
Please share your thoughts in the comments section below.
About this survey:
Travelers Companies Inc. conducted a survey of 633 tax professionals on-site at the NATP annual conference from July 8 to 11 in Phoenix. The results are intended to represent those tax professionals in attendance.