Cyber insurance for accountants: you could be exposed
With cyber attacks now seen as the single biggest threat to UK businesses, Bluefin Professions sets out what this means for accountants and accountancy firms in reality.
There has been a lot of discussion about cyber risks in the trade press, but perhaps not enough practical advice from a protection perspective. While prevention is better than cure, even the most cyber-vigilant amongst us can be exposed to a breach or an attack. That’s why we want to bring some common cyber risks to life through a series of case studies that give you real-life examples of where the risks lie.
Am I covered for cyber under my Professional Indemnity (PI) insurance policy?
Yes and no, but it’s extremely likely that your PI policy won’t go far enough in the event of a cyber attack. To help clear things up, we have detailed three scenarios* where your PI policy is likely to respond following an attack, and where the gaps are compared to a cyber insurance policy¹.
Denial of service
An accountant's servers were inundated with information requests by a ‘botnet’ controlled by a hacker, allowing the hacker to break into the accountant’s systems and obtain details of a number of clients, including those involved in sensitive tax mitigation schemes. The hacker then threatened to post the information online unless a ransom was paid.
In addition to the payment of the ransom, costs were incurred for the forensic investigation of the breach (including the assessment of the accountant's electronic security and reasonable security improvements), credit monitoring for impacted individuals, public relations to mitigate damage to the accountant’s brand, and notifying the Information Commissioner's Office (ICO) and all impacted clients.
Here’s how the accountant’s policies responded following the claim: