Cybercrime has increased over the past 18 months, affecting businesses of all sizes and across all industries, including accounting firms. And unfortunately, the cost of dealing with a cyberattack could bankrupt a business. For example, according to IBM, recovering from a data breach costs businesses an average of $4.24 million.
Accounting firms are particularly vulnerable to cybercrime due to the amount of personally identifiable information they keep on file. In fact, according to Verizon’s 2020 Data Breach Investigation Report, there were 3,950 confirmed data breaches in 2020 alone, and of those, personal data was accessed in nearly 60. % of violations that occurred.
Common cyberattacks that can impact an accounting firm are:
- Data Breaches;
- Ransomware ;
- Business Email Compromise; and,
- Business account takeover.
Cyber insurance protection
This increase in cybercrime has led to increased awareness and interest in cyberinsurance. This type of insurance policy protects businesses against various technology-related risks. It provides coverage to help businesses prepare for, respond to, and recover financially from cyberattacks.
Different cyber insurance products provide coverage for different types of cyber attacks. For example, providers may offer both cyber liability insurance and data breach insurance under two separate policies.
Depending on your policy(ies), cyber insurance can help reduce costs related to:
- Business Interruption/Downtime;
- Loss of income;
- Property damage ;
- Legal fees;
- public relations costs;
- Forensic analysis;
- Fees and fines associated with legally required notifications; and,
- Customer turnover.
A hardening cyber insurance market
As more and more business owners are interested in securing cyber insurance coverage, it is no longer as easy to obtain as it once was.
The increase in ransomware attacks over the past year has led more and more organizations to seek cyber insurance. Ransomware insurance claims have increased by 35% in 2020, with the rise continuing in 2021. Insurance companies have taken note of this crime wave, and some are now refusing applicants, raising rates and limiting coverage. blanket.
Insurance policies and payouts depend on your company adhering to cybersecurity IT best practices. As the cyber insurance market hardens, insurers are looking for customers with security controls that meet higher standards. This means that the more your accounting firm can implement cybersecurity best practices, the more likely it will be to obtain insurance coverage and/or better rates.
Computer best practices
Cybercriminals can infiltrate a system through a variety of entry points. For the highest level of protection, your managed service provider or internal IT team should take a broad, multi-layered approach to cybersecurity.
Cybersecurity best practices — which will be questioned on cyber insurance claims — include:
- Next-generation firewall. It is a network security system that monitors and protects your network from malicious or unnecessary traffic. Next-generation firewalls offer deeper inspection capabilities than traditional firewalls and use advanced protection subscription services for additional threat prevention.
- Spam filtering. These programs detect and filter malicious emails and secure critical business information.
- Virtual Private Network. It is a secure channel between the user’s computer and the servers in the office that protects against attackers infiltrating the system.
- Security information and event management. This type of software allows organizations to detect incidents that might otherwise go unnoticed. This solution makes it easier for organizations to manage security by filtering massive amounts of security data and prioritizing security alerts generated by the software.
- Endpoint detection and response. This consolidates data across all endpoints to provide a complete picture of potential cybersecurity threats. When organizations combine EDR with next-generation antivirus software, they can help prevent and detect even the most advanced targeted attacks.
- Multi-factor authentication. This method of authentication goes beyond simply entering a username and password. By requiring users to provide two or more verification factors, MFA helps protect against attackers infiltrating a system or application using compromised passwords. Insurance companies want MFA enabled on all admin-level accounts with privileged or high-level access.
- Advanced threat detection and advanced threat prevention. ATD detects malware that has bypassed other cybersecurity measures and infiltrated the system, while ATP identifies advanced malware threats before they enter a system. Both technologies are relevant for several security solutions, including next-generation firewalls and EDR software.
- Vulnerability scan management tools. Monthly vulnerability scans could detect current and upcoming issues that need to be addressed to keep the network and devices secure. Additionally, completing monthly IT activity reports that involve ensuring that all machines, servers, and products are up-to-date can mitigate potential cybersecurity risks.
Ironically, while cyber insurance coverage is more essential than ever for businesses, it is also becoming increasingly difficult to obtain. Fortunately, accounting firms that use IT best practices to protect against cybercrime will have a better chance of being covered than those that don’t.