CPA Cyber Risk Management & Insurance

In today’s challenging computing network environment – and expected to continue – Cyber security is top of mind and critical to the viability of all organizations, accounting firms obviously included. In this RiskTip we want to primarily explore the options available to insure/transfer the risk.  There is indeed another key part – managing this risk effectively requires two components:  (1) Control and (2) Transfer/Insure.  Admittedly, we are not information technology and security experts.  That subject is deep and wide.  The element of “controlling” the risk is best suited for these professionals and many articles have been written addressing this area.  Again, the risks must be rigorously identified and controlled but insurance/transfer is also critical as not all exposure can be removed by way of control.

Cyber Liability Insurance, as is all insurance, is reactive in that it is triggered upon an occurrence of breach or loss of private information.  The two primary cyber events we see occur within CPA firms, which can be reimbursed and/or paid-on-behalf of you, are (1) Crisis Services and (2) Cyber Legal Liability.  Crisis Services includes forensics, notification, credit monitoring and legal guidance expenses.   Proper steps after a breach occurs are critical and most insurance companies connect insureds with a cyber-breach expert to ensure that the severity of the event does not grow due to missteps in handling the forthcoming correspondence.  Legal Liability coverage is critical should a negligence or breach of duty suit be brought against you and is there to fund your attorney fees and other defense-related costs.

There are certainly additional exposures that can be covered by cyber insurance.  Coverage terms and additional coverage parts vary by underwriter but often include items such as loss of your own digital assets, non-physical business interruption, regulatory claims, cyber extortion (ransomware) coverage, media liability, employee privacy liability and other ancillary lines.

In closing, we think it is important to note what types of claims and expenses are associated with this risk. 2019 NetDiligence Professional Services Spotlight references 155 different insurance cyber claims, brought against various Professional Services businesses from over 9,000 total claims analyzed (2018-2022).  Here are some key findings of the report:

• The average total breach cost was $162K.
• The median cost was $45k.
• The average cost for legal defense was $33k. The median cost was $16k.
• The average cost for crisis services (post-breach) was $108k.
• Ransomware was the most common cause of loss, accounting for 20% of claims over the past 5 years.

While the above data is from the most recent NetDiligence study specifically directed at professional services firms, we know that losses have increased in dollar severity and frequency over the past 18 months and are not showing signs of slowing down.  As a natural result, the cost of cyber insurance is increasing significantly with many renewals showing 20% to 50% rate increases so far in 2021.

The securing of Cyber Insurance should be carefully managed.  It is not a “commodity”.  I.e., each underwriter issues their own independent forms containing unique terms, definitions, exclusions, conditions, etc.

Golsan Scruggs is an insurance brokerage firm operating throughout the United States specializing in Accountants Errors & Omissions (E&O) insurance (aka professional liability insurance). As one of the largest Professional Liability brokers in the U.S., we have a dedicated staff that understands the risks of the accounting industry and delivers superior results.

At Golsan Scruggs, we believe it is incumbent upon us to earn the right to be appointed as your insurance and risk-management agent. Our CPASURE process exists to serve that purpose.

Our CPASURE Review will analyze your unique exposures, provide rate details and comparisons, and provide a contract comparison. No application required.

To obtain your complimentary CPASURE Review, please provide the following information or contact us at (800)273-5883. Fields marked with * are required.