Beat the Breach: CPAs Can Help Keep Critical Information Safe


CPAs can play a role helping their clients minimize or limit their risk.

CPAs have a unique view into all functions and operations of an organization and know where and how the information hackers most covet is stored.

Consumers have little faith in businesses to protect their personal and financial information. The recent news of the T-Mobile data breach, which included the names, Social Security numbers and driver’s license information of millions of Americans, is likely to further erode that trust. And that’s a problem CPAs are well suited to help their clients and companies address.

Nearly nine out of 10 Americans (89 percent) are concerned about the ability of businesses to safeguard financial and personal information, such as credit card or Social Security numbers, according to a survey conducted earlier this year by The Harris Poll on behalf of the Association of International Certified Professional Accountants (Association), representing AICPA & CIMA. Further, half (49 percent) said they were very or extremely concerned.

“Cybersecurity has been an increasingly important consideration for the finance function over the past decade and it is now critical that every CFO is directly involved in the effective management of this significant risk,” said Ash Noah, CPA, FCMA, CGMA, and Association vice president of CGMA External Relations. “These breaches erode customer trust, have a devastating impact on reputation and a tangible impact on the bottom line. Understanding cyber risks and ensuring that organizations are devoting enough resources to mitigating them needs to be a top priority for all finance teams.”

Data breaches are incredibly costly to companies and individuals. A study by IBM found that data breaches cost companies an average of $3.8 million, with about 40 percent of that cost coming from lost business.

And breaches increase the risk of identity theft for consumers; 19 percent of Americans report being the victim of ID theft, according to the Association’s recent poll.

Despite their lack of faith in companies’ ability to safeguard information, 25 percent of Americans still store their credit card or debit card information in online accounts, the Association survey found. This underscores the potential for information breaches to have a negative financial impact for millions of individuals each time there is a large-scale breach.

“Data breaches are becoming alarmingly routine, costing companies and individuals each time,” said Rich Vera, CPA, CITP, and member of the AICPA’s CITP credentialing committee. “And while hackers are continually finding new ways to access secured information, there are many things companies and individuals can do to better safeguard their information and minimize any potential damage a data breach can cause.”

CPAs can play a role helping their companies and clients minimize or limit their risk. CPAs have a unique view into all functions and operations of an organization and know where and how the information hackers most covet is stored. That broad perspective, coupled with their professional skepticism, allows CPAs to help organizations better identify cybersecurity risks.

Moreover, CPAs with the AICPA’s Cybersecurity Certificate can help their clients establish clear cybersecurity training programs and policies, such as regularly updating passwords and software, to assure best practices are followed.

The AICPA & CIMA’s Cybersecurity Risk Management Reporting Framework, also known as System and Organization Controls (SOC) for Cybersecurity, provides an independent, entity-wide assessment of your organization’s cybersecurity risk management program. Organizations can leverage it to evaluate the effectiveness of existing cybersecurity processes and controls and generate reporting on cybersecurity risks and management concerns. These reports provide transparency on cybersecurity risk management programs and help inform how to best manage risks.

Business owners in need of introductory guidance on cybersecurity should consult the AICPA’s Cybersecurity Resource Center for free tools and guides for addressing their cybersecurity needs and identifying the skills they want from a CPA cybersecurity expert.

Methodology

This survey was conducted online within the United States by The Harris Poll on behalf of the Association from January 13-15, 2021, among 2,040 U.S. adults ages 18 and older. 1,157 were married or living with a partner. For complete survey methodology, including weighting variables and subgroup sample sizes, please email james.schiavone@aicpa-cima.com.

About the Association of International Certified Professional Accountants, and AICPA & CIMA

The Association of International Certified Professional Accountants (the Association), representing AICPA & CIMA, advances the global accounting and finance profession through its work on behalf of 696,000 AICPA and CIMA members, students and engaged professionals in 192 countries and territories. Together, we are the worldwide leader on public and management accounting issues through advocacy, support for the CPA license and specialized credentials, professional education and thought leadership. We build trust by empowering our members and engaged professionals with the knowledge and opportunities to be leaders in broadening prosperity for a more inclusive, sustainable and resilient future.

The American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession, sets ethical standards for its members and U.S. auditing standards for private companies, not-for-profit organizations, and federal, state and local governments. It also develops and grades the Uniform CPA Examination and builds the pipeline of future talent for the public accounting profession.

The Chartered Institute of Management Accountants (CIMA) is the world’s leading and largest professional body of management accountants. CIMA works closely with employers and sponsors leading-edge research, constantly updating its professional qualification and professional experience requirements to ensure it remains the employer’s choice when recruiting financially trained business leaders.