Why Cybersecurity Matters for CPAs

December 6, 2022

Cybersecurity threats increased by over 80 percent from 2014 to 2020. As we faced a global pandemic, industries across the board were pushed to improve their cybersecurity systems. Those that failed to do so ended up paying the price, to the tune of $1.5 trillion annually. With the sudden increase in cybercriminal activity, security threats for CPA firms and other financial institutions are no longer a matter of “if” but a matter of “when.”

Why should CPAs consider cybersecurity a top priority? Partner risk mitigation.

As an accounting firm, you have access to a lot of clients’ sensitive information. If your clients’ data is breached or leaked online because of inadequate security systems, there are severe immediate financial penalties and other disadvantages down the road. As a result, prioritizing cybersecurity to secure your clients’ confidential data is critical.

Why CPAs Should Prioritize Cybersecurity

In the news, you always hear reports of cybersecurity attacks on large companies. But here’s the thing: Attacks don’t always happen to large businesses. In actuality, cybercriminals favor small businesses, like CPA firms.

Why? Because CPA firms are easier targets that lack proper cybersecurity protocols.

Small businesses that have fallen victim to cyberattacks find it hard to recover due to the losses. Worse still, some businesses even go bankrupt six months after a cyberattack.

If that’s not enough to convince you, here are five reasons why you should invest in your cybersecurity systems:

1. Vulnerability to Attacks

Hackers are getting more creative and efficient by the second. Cybercriminals seem to be one step ahead of organizations, even if they’ve implemented the latest security practices and systems. No matter how much you think your accounting business is safe, a data breach is always a possibility.

2. Significant Financial Losses

One of the most common cybercriminal acts is installing ransomware. Ransomware prevents users from accessing their valuable data by encrypting it, with the criminals threatening to delete it or expose the information online unless they are wired money.

Data breaches are costly for your firm itself. A successful data breach can cost you 20 percent of your annual revenue.

Even if you’ve made somewhat of a recovery, the repercussions of a data breach can lead to your firm’s bankruptcy, a partner’s call for capital or other serious consequences, like the next entry on our list.

3. Declining Client Trust

If your firm cannot ensure data and cybersecurity, it may negatively affect your clients’ trust. You will lose future business when your clients realize that you can’t secure their data.

According to an article on Business Wire, “In the US, 83 percent of consumers claim they will stop spending with a business for several months in the immediate aftermath of a security breach, and over a fifth (21 percent) of consumers claim they will never return to a business post-breach.”

4. Legal Consequences

Organizations are legally required to demonstrate that they have made all necessary efforts to secure personal data.

As a CPA, when filling out the W-12 form (PTIN Number), you verify under Section 11, Data Security Responsibilities, that you have a data security plan in place as well as system security protections.

A screenshot of the Data Security Responsibilities section of a W-12 form.

If you fail to do so, whether intentionally or not, customers may pursue legal action for compensation. According to a study published in Digital Realty, “94 percent would take, or would consider taking, legal action against any of the parties involved in exposing their personal information.”

5. Pervasive Hacking

A common myth about cybercriminals is that they must be professional hackers to execute cyberattacks, but this couldn’t be further from the truth.

An amateur hacker, taking advice from the dark web, can send a malicious email that infects your machine if you download the file. Information and guidelines for gaining access to sensitive data are readily available.

Cybercrime as a service is a simple, inexpensive hacking resource that anyone with a dark web browser can access. Anybody can perform cyberattacks, even those with surface-level knowledge.

Still not convinced? Here’s what the federal government says on the subject.

The FTC Safeguards Rule

The FTC is taking cybersecurity seriously, and you should, too.

According to the Federal Trade Commission (FTC) Safeguards Rule, tax preparers must implement security plans to protect client data. Failure to do so may result in an FTC investigation.

On June 9th, 2023, the FTC will start enforcing the Safeguards Rule to ensure that entities covered by the rule maintain safeguards to protect the security of customer information.

All companies interact with personally identifiable information, so understanding these new requirements is crucial.

Learn how to comply with these rules and read more guidance on data security in IRS Publication 4557, Safeguarding Taxpayer Data. Register for a free webinar on December 13, 2022.

5 Consequences of Noncompliance With the FTC Safeguards Rule

Compliance with the FTC Safeguards Rule is of the utmost importance. Here are five consequences of noncompliance:

  • Expensive fines. The maximum fine you can incur from a data breach is $11,000 per day. The agency can also seek damages for consent violations, which could total over $43,000 per day for each violation, as well as possible jail time.
  • Extensive penalties. Your company could face long-term consent decrees or extensive injunctive relief, which could significantly stifle your business operations.
  • Litigation risks. Your company could be sued in case of a security breach. Having to notify victims after a breach significantly increases the risk of litigation.
  • Reputational damage. The ripple effect of a security breach should not be underestimated. Not only will it impact your customers’ trust, but it will also worsen your relationships with other affiliates and suppliers.
  • Data loss. Your data is more valuable than you think. The average data breach in the United States costs $9.44 million, over $5 million more than the global average.

How We Can Help

The June 9th deadline is sooner than you think. Avoid fines, litigation and potential reputational losses by investing in your cybersecurity program.

According to the rule, CPAs and financial institutions must designate a qualified individual to implement and supervise their company’s information security program. That individual can be internal or the role can be outsourced to a provider like us.

Register today for our webinar on the FTC Safeguards Rule or book a quick call with us. We’ve got you covered.
