IPA Data Dive: Accounting Firm Cyberattacks, A Major Threat? Yes. A Pervasive Threat? Not Yet . . .
Excerpted from the 2021 INSIDE Public Accounting (IPA) National Information Technology Benchmarking Report. Now Available.
With daily headlines detailing the latest major organizations to fall victim to devastating cyberattacks, it seems like just a matter of time before the threat actors come gunning for accounting firms and their treasure troves of client data. The threat is undeniably growing, but fortunately – thanks in part to either strong risk mitigation efforts, good luck or some combination thereof – it doesn’t appear to have manifested itself in the form of many actual incidents (yet).
When asked whether their firm had been the victim of a cyberattack and/or ransomware attempt within the past 12 months, just 7% of more than 218 non-Big 4 respondents in INSIDE Public Accounting’s 2021 Information Technology Survey said they had. Of course, 15 firms dealing with attacks is not insignificant – especially for those firms’ leaders and clients – but an incident rate below 10% suggests, at least, that the profession has perhaps managed to stave off a widespread assault thus far.
|Was your firm a victim of a cyber-attack and/or ransomware within the past 12 months? Percentage of firms reporting they had been a victim.|
|FIRM SIZE (Net Revenues)|
|All Non-Big 4||7%|
Interestingly, it is the largest and smallest firms that dealt with the most threats, with 14% of firms over $75 million and 13% of firms under $5 million having confronted such attacks over the past year, suggesting that cybercriminals may be attracted to both the higher potential payoff (in dollars and/or data) of the bigger firms and the presumedly lower security barriers of the smaller firms.