At a glance
Cyber attacks are on the rise, with almost four in 10 Australian businesses experiencing a breach in 2021, according to the 2022 Thales Global Data Threat Report.
Accountants are particularly attractive prey, due to the high volume of sensitive client data they store. In fact, the financial sector incurs the second-highest volume of data breaches after healthcare, as reported to the Office of the Australian Information Commissioner between July and December last year.
Even stringent cybersecurity defences are likely to be breached at some point, warns Drew Fenton CPA, director at Fenton Green. “The risk profile of accountants is probably nine out of 10,” he says. “You’ve only got to look at the world and read the reports – without question, an attack is going to happen.”
Besides cloud-based data storage and ongoing staff cyber awareness training, practices should develop a back-up plan to minimise the financial and reputational impact of a breach.
For Fenton, cyber liability insurance is an obvious solution – one that provides peace of mind that, should you become the victim of a cybersecurity incident, all necessary actions will be executed on your behalf.
“When an insurer is involved, everything is done correctly,” he says. “They help get your business back in order, providing tech support to reinstate software, as well as public relations expertise to assist with notifying clients. They will also address your compliance obligations, in terms of reporting back to the OAIC.”
The third-party liability component of cyber insurance is equally significant, Fenton adds, explaining, “If you were to pass a virus onto a client and, as a result, a liability is made against your practice, solicitors will be available to assist you.”
Regular IT providers may not be equipped to contain or help practices recover from increasingly sophisticated and complex security incidents, Fenton says. Specialists deployed by cyber insurers, on the other hand, know exactly what to do.
“They come in with a very good understanding of the viruses that are in the environment, and if it’s a ransomware attack they will negotiate the situation,” he says. “You just ring a number, and it’s all done for you.”
When researching cyber cover, Fenton recommends reviewing policy terms carefully to ensure all conditions are met, as well as considering third-party cover. The right cover will equip your practice to respond to a breach quickly and appropriately, and to return to regular business operations with minimal disruption.
However, cyber insurance alone won’t make up for poor cyber risk management. Practitioners need to put in place measures such as anti-virus protection, multi-factor authentication, data encryption and daily recoverable backups.
Insurers are tightening their requirements, so all practitioners need to stay up to date with the latest available resources and make sure they are implementing them in their practice.