BusinessPostCorner.com
No Result
View All Result
Friday, July 17, 2026
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
BusinessPostCorner.com
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
No Result
View All Result
BusinessPostCorner.com
No Result
View All Result

Protect your firm from first-party and third-party cyber exposures

July 28, 2025
in Accounting
Reading Time: 5 mins read
A A
0
Protect your firm from first-party and third-party cyber exposures
ShareShareShareShareShare

In today’s digital landscape, it is no surprise that there appears to be a new cybersecurity story in the news every week, from attacks on major infrastructure to small companies being held for ransom. The risk of cyber threats continues to grow for CPA firms, along with other professional services firms, as all are considered prime targets for cybercriminals given the wealth of sensitive client data, financial information, and/or legal documents they maintain. 

Don’t be lulled into a false sense of comfort that your firm (or your clients) are too small or too large to be attacked. Camico is seeing an uptick in the number of cyber-related claims impacting CPA firms of all sizes and, unfortunately, the severity of these cyber crimes and ransomware attacks have grown in recent years. 

Some of the more frequent categories of loss for CPA firms related to cyber claims include:

  • Social engineering; 
  • Funds transfer fraud;
  • Theft of data;
  • Loss of laptop or data stick
  • Unauthorized use of networks;
  • Failure to protect client confidential information shared with a third-party service provider;
  • Computer system cloud hack;
  • Lost profits related to cyber events; and,
  • Ransom attacks.

Identifying key cyber risks and best practices to mitigate risk exposures is important to safeguard confidential information, maintain client trust and ensure your firm’s continuity. One of the important concepts people must be aware of when evaluating their cybersecurity exposures is the difference between first-party risks and third-party risks. First-party risks are damages and losses you incur from a cyberattack or security breach of your firm, whereas third-party risks often arise when a hacker has penetrated the firm’s (or client’s) computer system causing damages to a client or other third party as a result of the cyber incident for which the firm may be blamed in whole or in part.

As you would expect, first-party cyber exposures have become increasingly problematic for CPA firms as cyber criminals are targeting CPA firms and tax professionals with greater frequency because of the abundance of client data found on CPA firms’ computers. If they are successful in gaining access to a firm’s information infrastructure, there can be costly measures that need to be taken by the firm such as hiring IT forensic experts to determine the extent of the breach, consulting with attorneys who specialize in data breach laws and notification obligations, and providing credit monitoring to those impacted by the breach. 

What may be surprising to some CPAs, however, is the increase in third-party cyber exposures that are impacting firms. These situations often arise when a client has been hacked, and the hacker has penetrated the client’s computer system and, once inside, causes all manner of losses for which the CPA firm may be blamed. Unfortunately, many of these incidents tend to be high-dollar claims against the CPA firm. These claims typically include allegations that the firm failed to detect red flags associated with communications executed by the hacker, falling below the standard of care by initiating wire transfers (later determined to be fraudulent) without “proper” client authorization, failure to “warn and advise” clients of the potential risks/threats of cyber attacks, and the list goes on. 

Consider this real-life scenario: a client of the CPA firm was hacked, and the hacker penetrated and commandeered the client’s email account. The hacker emailed several requests to the CPA firm to wire funds to a new account — a classic “man in the middle” attack. After receiving each request, a CPA firm staff member emailed the client to verify the wire transfer instructions. As the hacker had full control of the client’s email account, the hacker was able to respond back to the CPA firm to verify the payments to the hacker’s overseas bank account. 

Such outcomes have become all too common. With the increased number of claims related to fraudulent wire transfers, the best risk management practice in the absence of any written protocols to the contrary is to verbally confirm all wire transfer requests with the client and not rely on email or voicemail confirmations. 

Unfortunately, technological advances have permitted sophisticated scammers to create AI versions not only of people’s voices, but also realistic avatars of scam targets so that you can’t trust your ears or your eyes on virtual calls (e.g., Microsoft Teams). Ideally, you and your client will have a code word and/or phrase to confirm the authenticity of the person you are speaking to.
 
Cyber insurance protects against financial losses related to data breaches or other covered cyber events. Cyber insurance coverage is basically divided along two lines: 

  • First-party, which refers to losses directly suffered by the policyholder (or insured) firm in response to a firm’s data breach or other covered cyber event, and
  • Third-party, which refers to damages alleged by clients or other third parties that the negligence of the CPA firm contributed in whole or in part to the third party’s cyber-related loss. Camico’s professional liability policy generally will cover third-party cyber claims subject to applicable policy terms, conditions and exclusions.

It is possible that a single cyber incident may give rise to both damage suffered by the firm (first-party losses) and damages allegedly suffered by others that blame the firm (third-party losses). The relationship between the first and third parties can be formed in many ways. It can be contractual (for example, engagement letters), built through tort law, common law or other ways. CPA firm clients are third parties, and others may become a third party based on the nature of an incident. Clients may have insurance of their own, making them a first party with their own cyber insurance carrier. 

First-party insurance typically covers the direct costs of actions needed after a firm has had a data breach, extortion, ransomware attack or other hacker malfeasance against the firm. Third-party cyber-liability insurance, on the other hand, covers the costs of dealing with the claims of other parties that seek to hold your firm at least partially responsible for damages that they have incurred because of a cyber incident. Sometimes, the line between first-party damage and third-party damage becomes blurred — especially if a firm and its client have both been breached, and forensic analysis cannot conclusively establish either the sequence of events leading up to the breach and/or how the breach occurred.

Understanding the difference between first-party and third-party risks is essential when seeking cyber insurance. Ideally, every CPA firm should have some degree of insurance coverage for both first-party and third-party risks as the CPA firm faces exposure to many accusations and lawsuits in the event of a compromise or data breach impacting its clients’ data. For example, everyone faces risks of inadvertently forwarding a malware-infected email message that subsequently wreaks havoc after being opened by a recipient, or of their computers and networks being breached and subsequently exploited by hackers to serve as launching pads from which to target others. 

Relying on only one type of cyber insurance that may be limited to either first- or third-party coverage may leave businesses exposed to significant financial and legal risks. Whereas investing in both first-party and third-party cyber insurance ensures greater protection against today’s growing cyber threats. 

Credit: Source link

ShareTweetSendPinShare
Previous Post

KSM adds MichaelSilver | Accounting Today

Next Post

Jersey cost of living and cold weather payments open

Next Post
Jersey cost of living and cold weather payments open

Jersey cost of living and cold weather payments open

We’ve saved £6,000 on holidays by swapping homes with strangers

We’ve saved £6,000 on holidays by swapping homes with strangers

July 10, 2026
How CFOs can navigate a growing power mandate

How CFOs can navigate a growing power mandate

July 10, 2026
Shultz Huber acquires Stroh Johnson

Shultz Huber acquires Stroh Johnson

July 15, 2026
Ethereum Price Prediction: Tom Lee Targets  Trillion ETH

Ethereum Price Prediction: Tom Lee Targets $5 Trillion ETH

July 10, 2026
Trump takes a page from Iran’s Hormuz playbook, leveraging the chokepoint to generate revenue

Trump takes a page from Iran’s Hormuz playbook, leveraging the chokepoint to generate revenue

July 13, 2026
China hits out at British Steel nationalisation

China hits out at British Steel nationalisation

July 17, 2026
BusinessPostCorner.com

BusinessPostCorner.com is an online news portal that aims to share the latest news about following topics: Accounting, Tax, Business, Finance, Crypto, Management, Human resources and Marketing. Feel free to get in touch with us!

Recent News

China hits out at British Steel nationalisation

China hits out at British Steel nationalisation

July 17, 2026
Tax Fraud Blotter: Win some, lose some

Tax Fraud Blotter: Win some, lose some

July 17, 2026

Our Newsletter!

Loading
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • DMCA

© 2023 businesspostcorner.com - All Rights Reserved!

No Result
View All Result
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources

© 2023 businesspostcorner.com - All Rights Reserved!