Everyone thinks it will never happen to them – until it does. Cyberattacks and digital security breaches are only becoming more frequent, and the data that accounting firms house is under significant threat. The problem is that, on average, only 5% of companies’ folders are adequately protected. And the cost of a breach can be far more detrimental than just monetary losses.
Here, we explore the true cost of failing to invest in cybersecurity.
Internal and external cybersecurity focuses
To create a secure work environment that protects against all digital threats, you need to focus on not just external attacks, but breaches – accidental or otherwise – that occur from within.
For many accounting firms, the biggest cybersecurity risk is actually their staff. In fact, a UK study found that a whopping 90% of all cyber data breaches come down to human error. That means if your staff aren’t trained in how to manage sensitive data appropriately, it can open up significant vulnerabilities for your firm and its clients.
In addition to internal staff training, you will need sufficient IT controls, strong access controls, all the critical policies and, potentially, insurance such as business or cybersecurity cover.
Externally, you need to invest in the right cybersecurity tools, make sure any hardware, like on-site servers, is secure, and get quality IT resources. For smaller firms that can’t afford an on-site IT leader, an external provider can provide advice on things like cybersecurity tools, hardware, critical infrastructure and more to keep your clients’ data secure.
The eye-watering costs of being breached
There’s no denying that a cyber breach will not only lead to financial consequences, but also damage to your firm’s reputation and workplace culture. However, it’s the cost that really can be the difference between riding out a cyberattack and shutting up shop permanently.
Just consider the cost that accounting practices are hit with following a cyberattack. According to figures from The Tax Adviser, accounting firms spend between $70,000 and $300,000 to clean up after a cyberattack. And those amounts don’t even include reporting and credit monitoring expenses (an additional $100,000 to $300,000) or the ransom costs themselves – typically around $100,000 for a small firm and $2.6 million, on average, for a large practice.
Decision-makers also need to deal with the higher frequency of attacks, with ransomware attacks occurring at a rate of 5.5 every minute in 2021 – which is 8,000 attacks daily.
If just one of those ransomware attacks slipped through your firm’s defences, would you be able to withstand the financial, reputational and work-culture damage to your practice? If not, then it’s time to invest in cybersecurity.
Where should you be investing?
So, you recognise the very real need to bolster your defences and invest in cybersecurity for your accounting practice. But what should you do first? In addition to using basic software like antivirus programs and password managers, consider these four essential focus areas:
1. Training and governance: Robust governance will ensure your firm’s defences stay strong. Provide regular sessions that mix training, Q&As, best practice and brainstorming. Always ensure hiring policies align with your overall cybersecurity strategy. Also nominate ‘cybersecurity leaders’ to provide guidance to the rest of your practice.
2. Solutions for hybrid and remote workers: Following the changes of COVID-19, working from home and a hybrid work model (e.g. 2 days in-office; 3 days remote) will be the new norm for many practices. So start investing in accounting solutions that not only streamline your team’s daily activities, but also bolster your firm’s security – especially for those working from home and remote-accessing into your systems.
3. IT security team: If you don’t have the in-house expertise or financial resources to hire an IT lead or head of cybersecurity, outsource your needs to a professional IT team. Even using an accounting practice solution can reduce the strain on your firm.
4. ‘What next?’ policies: From incident response plans to disaster recovery, you need robust cybersecurity policies that answer the most pressing questions. How will the firm respond to a cyber breach? When should you tell your clients? What is best practice when faced with a ransomware attack? Recovery can be slow and expensive, but with a clear roadmap in place you can mitigate any further damage while ensuring your company is following the correct policy at all times.
Just like cybersecurity, failing to invest in the right digital and cloud-based solutions for your accounting firm can cost you in the long run. With more and more clients looking for a streamlined accounting service, traditional firms need to adapt or risk perishing. APS is a best-in-class software solution that adapts to your specific style of working. Contact us today or call (+61) 2 9965 1300 to request a demo and find out more.
APS is a division of Reckon, an ASX-listed company. We develop the software used by the best accounting firms in Australia and New Zealand to run their businesses and advise their clients.