RISK & COMPLIANCE
The Last Mile in Cybersecurity: Buying Cyber Insurance
BY ANTHONY W. MONGELUZO, PCS, LLC
For several years, I’ve been urging accountants and their staff to have cyber insurance. Unfortunately, your standard business policy doesn’t cover it. (Please tell me that you’ve been reading New Jersey CPA magazine and have followed my advice.)

With the new year in full swing, now is the time to implement two vitally important initiatives for protecting your data: One is DIY, and the other requires broader protection.

When IT experts caution users about the increase in threats, we sense the warnings are unheeded. If you doubt the importance of growing cybersecurity threats, mull over my experience. A few years ago, the application for cyber insurance was about two pages. Now it’s more like seven pages, and the specificity of the questions is far more pointed. “Do you have a backup?” was a simple question years ago. Now insurance companies want to know the precise nature of your backup and whether you have a plan if your backup fizzles.

What has happened should be apparent. Insurance companies have hired some very smart IT firms to navigate the terrain and ensure that the best safeguards are in place so they are less likely to pay out on a policy.

And please, don’t even consider not getting the best cybersecurity insurance. With the exception of IT companies, no one holds the keys to the data vault of their clients more than accountants. You are directly in the firing line of accountability if hacked. You have access to bank accounts, financial statements, Social Security numbers, even passwords. It’s a hefty responsibility.

The potential nightmare if you’re a multistate accounting operation gets worse. If a hacker breaches you and a lawsuit emerges and you have clients in 10 states, your legal team must be familiar with each state’s law. Think of this potential cost.

If all of this sounds like an IT scare tactic, it is. Because if a savvy hacker hacks you, it gets ugly trying to fix the damage. Now that I’ve scared you, here is what you can do almost immediately.
SPRING 2022 | NEW JERSEY CPA
IT’S ON YOU
Two-step verification is the starting point. I repeat this constantly because it is literally the easiest, most effective way to protect yourself. Is it irritating? Yes. But the potential protection is more than worth the 20 seconds of annoyance.

Next is virus control. Built-in virus protection programs are not enough for accountants. You need front-line virus protection. We recommend Barracuda (barracuda.com) and SentinelOne (sentinelone.com). (We have no financial stake in either company.)

Another important step is to ensure that your staff understands phishing attacks and how to both recognize and halt them.

IT’S ON THEM
After you’ve incorporated these three DIY approaches to cybersecurity, it’s time to find a cyber insurance provider. Remember that basic business policies, like general liability, don’t hack it (forgive the pun). Here are tips on securing cyber insurance.
• Shop around and get at least three price quotes. It’s a new frontier for insurance companies, and now everyone is an expert.
Small Business Statistics
• The average cost of a data breach for small organizations (fewer than 500 employees) fell to $2.35 million in 2020, compared with $2.74 million in 2019.
• One in every five small businesses has no endpoint security in place, while one in three relies only on free cybersecurity solutions.
• 28 percent of all data breaches involve small businesses.
• 30 percent of small businesses consider phishing attacks to be their top cybersecurity concern.
• Electronic Data Liability Insurance average premiums range from $619 to $3,297, with the highest premiums going up to $55,500.
Source: Parachute Technology