Latest News

Bookkeepers vulnerable to cyber fraud

Cybersecurity report considers bookkeepers among most vulnerable to attack.

With the March 2023 report into cyber fraud from the Office of the Australian Information Commission (OAIC) placing accountants and bookkeepers among the most vulnerable professions, the Associate Director of Accountancy Insurance, Karen McDonald, warns bookkeepers to act urgently to protect their security.

“The report proves it’s misguided to think cyber attackers are just after big companies,” said Karen. “Bookkeepers and accountants are in the top five of those most vulnerable to malicious attack.

“The biggest problem is their access to so much confidential financial and business data.”

The Notifiable Data Breaches report elaborated the situation is worsening for those managing confidential data. The number of data breaches has risen by 26% in the last year and 70% of those were malicious attacks.

“More and more we’re seeing attackers literally holding businesses to ransom, threatening to release the data unless they are paid,” said Karen. “We’ve upped our minimum cyber security cover to $250,000 as anything less would not give enough protection.”

Concerned that many don’t realise how vulnerable they are, Karen cautions bookkeepers to double check their insurance cover.

“Some insurers offer some level of cyber protection under their professional indemnity insurance policies, however taking at least two features out of the cyber security cover that are included if you took out a separate and stand-alone cyber policy,” said Karen.

Karen recommended bookkeepers have at least four things covered in their cyber insurance.

• Ransom cover – This is where the insurance company will pay out a ransom and a minimum of $250,000 is advised for your limit of indemnity.
• First party losses – If a bookkeeper opens a bogus email, for example, that contains a virus that shuts them down for days, then this insurance would pay for lost earnings, and the cost to fix the problem and return the system to the way it was before the virus. If the attacker hijacks an invoice sent to a client, changing the BSB and account details, which the client inadvertently pays, then this insurance would cover the losses.
• Third party losses – If a virus turns up in your emails which you then send to your client, causing damage to the clients’ system, then this insurance covers losses in their earnings and the cost of restoring the clients’ computers back to where they were.
• 24/7 global assistance – Attacks can happen at all hours and need to be dealt with promptly or risk causing more damage. Who could you get to negotiate with a hacker at 3am? Insurance cover needs to allow for 24/7 support.

Karen confirms that insurance is part of a two-pronged approach that also includes defence against the hackers.

“If you have good IT defending your security and good insurance in case things go wrong, you can be more assured to protect yours and your clients’ business,” said Karen.

For your ABN member discounted cyber insurance and professional indemnity insurance with Accountancy Insurance visit www.accountancyinsurance.com.au.