While the frequency of most types of malpractice claims has been relatively static, professional liability stemming from cyber crimes against accountants and accounting firms has risen steadily over the past few years. Accounting firms are particularly rich targets for hackers and cyber fraudsters because they hold so much private, significant, information about so many people. It’s a veritable one-stop shop for the cyber criminal, and it’s the accountant who ends up holding the bag if lax security or negligence of some other sort leads to harm to the client.
Accountants aren’t expected to be technological wizards, but they do have an ethical obligation of competency in all aspects of their practice, which includes their use of technology. What does this mean in practical terms? It means that, at a minimum, you must keep informed about the technological threats presented to your systems, and available protections against them, and then make reasonable efforts to employ those protections.
Certainly, hackers and cyber fraudsters are sophisticated and continually changing their methods of attack, and no accounting firm, especially smaller firms, could be expected to be equally as savvy. But that doesn’t mean you don’t have to try to protect against infiltration of your computer systems and theft or misuse of your client’s information and assets. It would be folly to assume that just because you are a small firm you are less of a target. Every accounting firm has information that is valuable in the criminal economy. Statistics show that the majority of cyber crimes are crimes of opportunity: hackers look for the most vulnerable, easiest-to-access systems and strike those first.
Those attacks can result in several bad outcomes for you and your clients, ranging from general breaches of confidential information, to the theft of escrow funds, to compromised credit, to identity theft, to an inability to access your own systems causing you to miss deadlines, to name just a few. And any of these scenarios can ultimately lead to claims against you for professional liability.
So, how can you control the risk?
First and foremost, it is important to understand that, while there are available all sorts of technological tools to address cyber threats, ultimately, the key to cyber security is human behavior. Caution and alertness to the possibility of scams, discipline around what and how you download input onto your devices, adherence to various security protocols, and a willingness to regularly revisit and reconsider your system set up are what will make the difference. We have addressed some of these issues in this space in the past and will do so again in more posts during October, National Cyber Security Awareness Month.
But it is also important to plan for the fact that no plan is perfect. To that end, you should review your current professional liability coverage to determine whether and how much it provides coverage against potential losses arising from cyber crime and other computer system failures.