Cyber crime does not discriminate. In fact, in a 2019 report, Australians reported an incidence of cyber crime once every 10 minutes, with online scammers costing Australians $900,000 a day on average.
It is estimated that cyber security incidents leave some people tens of thousands of dollars worse off, not to mention how they could affect your accounting firm’s reputation: as soon as you lose the trust of your clients, they are never going to come back.
The flow-on effects can be significant
A cyber attack that leads to a significant data breach can have detrimental effects not only for the operational side of your firm but can also have legal ramifications for the Directors of the business through a shareholder class action, where Senior Management may face regulatory investigation or litigation.
Data breaches can also carry significant trust and reputational risk, which could result in revenue loss or share price reduction for publicly listed firms, or even attract the attention of the Australian Securities Exchange or the Australian Securities and Investments Commission.
More than just hacking
Australians lost millions of dollars to identity theft in 2019 through:
- Phishing emails and text messages which impersonate banks or utility providers seeking login details
- Fake online quizzes, surveys, and job advertisements
- Sourcing information from social media platforms
- Remote access scams in which the scammer has direct access to everything on your computer
- Direct requests for scans of your driver’s licence or passport, usually through a dating scam
One of the latest Australian Taxation Office Tax Scams is targeting victims of the recent natural disasters, promising an 8% bonus on 2020 tax returns if the receiver clicks on a link which will take them to a fake myGov website designed to steal personal information, including names, addresses, emails, phone numbers and online banking details.
Cyber crime case studies and the costs associated with these
The team at Accountancy Insurance are seeing a huge increase in the incidence of cyber crime. These are just a few examples of cyber crime incidents and the costs associated with them. The financial cost alone is often significant.
Ransomware
Total Cost: $83,660
A small accounting firm with 10 staff suffered a ransomware attack after one of the staff opened up what they thought to be an invoice attachment on an email. The attachment contained the Cryptolocker virus.
All the computers in the office froze and a message popped up demanding $8,000 (payable in Bitcoin) for the release of the system. This would increase by a further $1,200 per day until it was paid.
Costs included not only payment of the ransom, but also the costs of IT forensics, rebuilding the system after it was discovered to be full of bugs once it was released, business interruption costs, PR costs, and the costs of notifying the Privacy Commissioner together with the customers and suppliers who had their personal information breached.
Breach of Privacy
Total Cost: $246,000 plus ongoing litigation from those who had personal data breached
An employee of a medium-sized accounting firm accidentally left a USB stick, containing multiple clients’ personal data, in a taxi on their way home from a night out after work.
On discovering the loss, the employee notified his employers, who then engaged the services of the Incident Response Team, which immediately stepped in to work with the firm to identify the clients whose personal data was exposed. A total of 175 clients were affected and had to be notified, along with the Privacy Commissioner.
In addition, Credit Monitoring Services were retained for the next 12 months for all affected clients and a PR firm hired to restore confidence and mitigate negative publicity generated from the event.
Hacking
Total cost including the associated business interruption: $330,000
A disgruntled employee of a financial services firm changed all administrator passwords to the network, which effectively shut the entire company out of its systems. The systems’ security access had to be rebuilt before they were up and running again. In this time the firm could not operate.
Malware
Total Cost: $300,000
The computer system of an accounting firm’s Cloud Provider was disabled as a result of an aggressive computer virus. In addition, the business suffered a loss of profits during the time the system was being restored and for a period of 6 months after.
Identity Theft
Total Cost: $140,000
An accounting firm suffered a break-in and a number of laptops containing the personal information of clients and personnel were stolen. Unfortunately, this information was not encrypted. Several clients became victims of identity theft and, as a result, sued the accounting firm for damages. In addition, the firm incurred significant costs in notifying all affected clients and staff and offering credit monitoring services for two years.
Social Engineering
Total Cost: $174,000
Late on a Friday afternoon before a public holiday weekend, a senior staff member of an accounting firm received an email, purporting to be from a client, advising of a change to that client’s bank account details and requesting that an urgent payment be redirected to the new account. The email looked genuine and the employee paid the funds.
2 weeks later, the client contacted the accounting firm to follow up on payment and the staff advised them that it had been paid. After investigation it was found that the network had been breached 6 weeks earlier.
Although these seem significant, they are not abnormal examples. Could your accounting firm sustain an unexpected financial burden like this? Moreover, if you could prevent this, wouldn’t you want to?
What can you do to be protected?
There are many ways that you can protect your accounting firm from a serious cyber attack like one of those listed above.
One important step is to ensure that your team is well informed on what to look out for and how to spot one of the most common, and easily preventable, forms of breach of your IT software: an email scam.
Six ways to spot an email scam
- The email does not address you directly
- Bad grammar/spelling
- Distorted images
- Instructions to click a link
- Weird origins
- A sense of urgency
Naturally, it is important that you have the most up-to-date antivirus software and firewall installed. These are essential, but they are only part of the solution, as these measures can, and often do, fail.
These three steps may help to reduce the likelihood of a cyber attack
- Regularly back up data and use complex passwords
- Browse secure sites and avoid opening attachments from unknown senders
- Implement comprehensive cyber insurance, such as Cyber Shield
Additional level of protection for a truly comprehensive solution
Insurance should be seen as part of a solution and as an additional layer to your security process. Cyber Shield is a comprehensive cyber insurance solution designed to protect your accounting firm against the damaging effects following a cyber attack.
Cyber Shield covers cases like those listed in the above case studies, plus many other cyber crime related incidents. In the event of an attack, Cyber Shield will provide comprehensive, prompt assistance in your time of need for:
- Theft of data
- Extortion threats
- Loss of business income
- Restoration costs
- Security and privacy breaches
- Legal obligations
- Plus more!
Without Cyber Shield, your accounting firm could incur significant operating downtime and substantial expenses in order to recover lost data and restore your clients’ confidence.
The benefits of Cyber Shield:
- Designed specifically for accounting firms, the cover is relevant to the needs of the profession.
- Competitive premiums are a certainty.
- Provides the services of an incident response team following a cyber attack.
- Cover is comprehensive, ranging from data recovery to privacy regulatory defence costs, plus much more.
Complete the Cyber Shield Application Form to receive an obligation-free quote for a cyber insurance policy with Accountancy Insurance.
Talk to Accountancy Insurance’s Professional Risks team about protecting your accounting firm with Cyber Shield by calling 1300 552 867.
Karen McDonald
Associate Director – Professional Risks