With data breaches and cyber hacks dominating the headlines seemingly every day - Equifax and Yahoo are just the latest big name companies to report a mega-breach - business leaders are becoming ever more concerned about hackers and other breaches in data security.
This threat is doubly vexing for accounting firm leaders, who face the dual challenge of not only protecting their information as a business, but also protecting client information.
Data breach laws have now been adopted by 47 states in the U.S. Potential exposures and risks for closely held company directors and officers are now reaching the level of publicly held companies, according to CPA Mutual, a national risk retention group and accounting firm liability coverage provider.
Judges are less likely to throw out claims than they were in the past, even for small and mid-sized independent public accounting firms. Liability not only affects the business, but also can extend to individual leaders.
According to CPA Mutual, since offering cyber coverage to their clients, members have experienced 18 cyber losses. On average, these have cost just under $17,000 with the most expensive claim to date coming in at $166,000. Since 2015, the number of claims has doubled each year.
Given this climate, says Bill Thompson, CPA, RPLU, President of CPA Mutual, it is imperative CPA firm leaders regularly review their cyber liability policies to ensure they have the best plan in place.
Some insurers like CPA Mutual that offer cyber liability insurance also have resources for risk mitigation and disaster planning. However, cyber liability insurance primarily covers the costs associated with an actual breach, according to Kari Stern, senior claims manager with NAS Insurance in California.
“That’s where the most expense is: costs associated with counsel for legal advice and draft notices. There are IT forensics costs to determine where the breach occurred and to what extent data was compromised,” Stern says. “If you need to give notice and have clients in multiple states, drafting notices becomes really important so that it’s done efficiently. Each state has different notification requirements. You may also need a call center set up to handle queries once the notifications go out.”
About Deanna Arteaga
Deanna Arteaga is a professional freelance writer and public relations specialist who for the past six years has covered CPA industry trends for AccountingWEB. She also writes about CPA firm marketing, higher education and professional development for CPAs, and workplace trends in the accounting profession. She has more than 20 years of journalism and public relations experience, including her tenure as a former newspaper reporter in suburban Chicago where she covered breaking news, municipal politics, and state legislative issues.