[BreachExchange] Cyber Liability a Growing Threat to CPAs

[Audrey McNeil]

http://www.accountingtoday.com/news/firm-profession/cyber-liability-a-growing-threat-to-cpas-77306-1.html

Cyber liability has moved to the forefront of hazards facing the CPA
profession, according to industry experts.

“We’ve had the whole gamut of losses in the cyber area, including stolen or
lost laptops that contained confidential client information,” said Bill
Thompson, president of CPA Mutual. And CPAs are prime targets for hackers,
he indicated.

“We’ve had firms that have been hacked with ransomware and had to pay a
ransom in order to get back access into their system,” he said. “I don’t
think that most CPAs are truly aware of the danger they face every single
minute their servers are not protected properly, and they don’t have
password encrypted email service. If you were a thief and wanted financial
information, who is better than CPA firms?”

There has been a great deal of buzz about a variety of new enhancements
being promoted by various insurance companies, according to Rickard
Jorgensen, president and chief underwriting officer at Jorgensen & Company,
a professional liability and risk management consulting firm.

“Many of these new coverage features are a great leap in the right
direction to provide affirmative coverage for CPAs and liability arising
from web-based activities, hacking attacks or loss or theft of
client-sensitive data,” he said. “Many insurers have offered legal
liability from electronic media perils or client identity theft for a
number of years. Coverage for breach notification and client credit record
monitoring—often described as first party coverage—is also a usual part of
the coverage, and limits of up to $50,000 in costs are available.”

Certain specialist professional liability agents have also made available
to clients a specific cyber policy that can expand the range of coverage to
include damage to network assets, cyber terrorism and cyber extortion,
according to Jorgensen. “For the average CPA, the most important additional
coverage may be coverage for the expenses and monies resulting from cyber
extortion,” he said.

Cyber extortion occurs when a hacker breaks into a CPA’s computer network
and installs a malicious computer code commonly known as ransomware. A
threat is then made by the hacker that demands the CPA pay money or the
hacker will release, divulge, disseminate, destroy or use the client’s
confidential information, or alternatively restrict access to the CPA’s
computer system.

Jorgensen cited an episode of “The Good Wife” in which an overseas hacker
attempted to blackmail a law firm into paying a ransom. “The firm was able
to prevail and catch the bad guys, but invariably this does not happen,” he
said.

Most professional liability policies don’t provide coverage for cyber
extortion, according to Jorgensen. “It is a new and evolving coverage
concept and insurers have yet to fully understand how to underwrite this
risk. This is an innovative coverage feature of a professional liability
policy.”

Cyber liability is an area that tax preparers need to explore further with
their insurers, according to both Thompson and Jorgensen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160225/cac8cbd2/attachment-0001.html>