The risk of data security breaches has been top of mind for many years, but during an unprecedented environment in 2020 the risk of these incidents has increased and it has become even more critical to prioritize guarding against cyber risk as part of daily business operations. Driving these priorities is a critical element for leadership in any industry – but especially in the financial services industry.
Executives must take the lead on cyber security to safeguard their intellectual property, customer information, and portfolio data as well as insure that systems are not compromised and unable to complete the business critical functions required to meet deadlines. Financial practices such as CPAs, financial planners, and private equity firms face similar, yet slightly different, risks which if not addressed can result in damage to their value through lost business, decreased credibility and customer trust, exposure of proprietary and customer information, as well as missed deadlines and potential fines.
Potential Costs of Data Breach:
- PR Campaign after breach to quell customer concern
- Business Disruption
- Loss of Information
- Equipment Damage
- Insurance Premium Increases
- Detection and resolution activities and audit services
- Customer notifications
- Cost per lost or stolen records
- Devaluation of trade name
- Increased cost to raise debt
- Lost customer relationships
- Lost contract revenue
These firms service many different client groups, and as such the risk and consequence is different with each, but it is certain that the impact of a data security issue will not only impact the firm where the breach occurred but it may also create impacts for the clients of the firms as their customers, systems and processes may also be exposed to hackers and system issues. Many customers and investors have cited cyber threats as a major concern when it comes to determining who they will trust with their financial planning, accounting or investing.
Risks to service groups may include:
- Individuals – Proprietary and/or personal information such as Social Security, Banking and investment info
- Businesses – Employee info, vendors, financial reports, patent information, stock filings
- Non Profit Orgs – Donor info, Board of Director private info, tax filings
- Investor Groups – Personal data and confidence in privacy
How to Avoid the Risk
Safeguarding the firm must include cyber security policies and procedures, ensuring protective measures are implemented, and building a human firewall by educating employees on the new and evolving risks and the utilization of processes that mitigate the risk. It must be realized that the consequences of a data breach are not just about technology, but the very operations of the firm.
One driver to the increased risk to cyber security in 2020 is the mass number of employees who became remote workers overnight. Many firms may not have been prepared for the potential impacts and danger to security that is inherent in workers accessing data from remote locations. This situation, along with hackers playing on the fears of many have impacted potential security issues exponentially as the FBI has reported a 300% increase in cyber crime since the outbreak of COVID-19 and it is predicted that an average of 1 in 4 middle market firms will fall victim to a data breach this year.
Firms must prioritize the implementation of policies that require their workers to use VPN or other private networks when accessing data remotely, the computers accessing the firm’s data and the systems housing firm data must be consistently updated with the latest security patches and software.
The implementation of the procedures such as this is seen by many as what should be a key objective of any CFO. Taking proactive steps in anticipation of targeted attacks should be a main priority since organizations are so dependent upon technology and cyberspace to transact business. It must be recognized by leadership that cyber security is now one of those critical areas requiring continued investment. It has been shown that firms with procedures in place that provide the ability to quickly detect cyber threats reap the financial rewards as the shorter the breach lifecycle, the lower the cost due to less business disruption and data/system exposure.
Apogee works with their clients on solutions to mitigate cyber security risk which includes 24/7 monitoring and regular patch updates. They have been working in this area for years and are able to provide their clients the specialized attention that will safeguard their customers, data and systems. They pride themselves on being available to their clients to assist in the protection of assets – information, business relationships, and personal data.