Contact Us
 Search

Cyber October 2024 – Securing Our World

October’s Cyber Awareness Month is a time to consider the cyber landscape and how professional service firms can build resilience, plan and practice responses to attacks and make their contribution to securing our world.

As ransomware continues its relentless rise, the professional service sector remains one of the most targeted sectors.

Chainalysis, a firm that tracks payments to known ransomware actors on the blockchain, has reported that 2023 was the most profitable year for the extortionists with record payments of $1.1b being made, 80% in payments over $1m.

In addition, a report from Comparitech, based on publicly available information, indicates that since 2018, 138 law firms have confirmed ransomware attacks impacting at least 2.9 million records.

This latter point is significant because theft of data not only increases the leverage of the extortion threat actors, it also is giving rise to increasing numbers of class action lawsuits from affected individuals. According to a report from Law.com, not only is 2024 “on pace to be the biggest year in the history of law firm data breach reports,” but “more than 40 data breach class actions are being filed per month in 2024.”

Ransomware and malicious cyber activity are a continuing and growing threat to professional service firms. In the worst-case scenario a cyber attack can be devastating to a firm and consequently to its clients. In the face of this, it is essential to invest in resilience to secure the firm and the data it holds, for the benefit of the firm, its employees and clients.

Resilience requires a multi-faceted strategy and Cyber Awareness month is an ideal time to review and evaluate measures to harden defenses to better prepare for response in the face of a successful attack:
 

To Combat Cyber Risk, Businesses Invest in Resilience

Read Insight


 

Lessons Learned from the CrowdStrike Outage: 5 Strategies to Build Cyber Resilience

Read Insight


 

An essential - or possibly THE essential - component of resilience is preparation. Dwight D. Eisenhower famously said, “In preparing for battle I have always found that plans are useless, but planning is indispensable.” In the context of cyber, the battle plan is the Incident Response Plan, the “planning” is running tabletop simulations to test the plan and to train the individuals responsible for implementing and adapting it in the event of a cyber incident (as Field Marshal Erwin Rommel observed “no plan survives contact with the enemy”).

The IBM-Ponemon “Cost of a Data Breach Report 2023” found that not only was incident response planning and testing a top 3 cost mitigator, but also that organizations with high levels of these countermeasures in place incurred USD 1.49 million lower data breach costs compared to organizations with low levels or none and they resolved incidents 54 days faster.
 

Table Stakes: Planning a Tabletop Simulation



Read Insight


 
No conversation on cyber resilience is complete without addressing the topic of cyber insurance and the question of how much limit is “enough.” Professional Liability insurers have started to show interest in the amount of cyber insurance being purchased by their clients, partly because of claims that engage both the cyber and professional liability policies and the increasing incidence of class action lawsuits arising from cyber breaches.
 

Pushing the Limits – How Much Cyber Insurance Do Professional Service Firms Need?



Read Insight


 
One of the key metrics that insurers use to measure exposure to regulatory expense (such as notification costs) also affects exposure to class action lawsuits. It is the metric quantifying PII and PHI as an amount that the insured “holds” in their systems:
 

How Many Records Do We Have? Professional Service Firms and PII / PHI Records



Read Insight


 
The Professional Services Practice at Aon values your feedback. To discuss any of the topics raised in this article, please contact Tom Ricketts or Parker Baddley.
 
This article is adapted from Cyber October 2024 – Securing Our World (October 2024) from the Professional Services Practice at Aon.

 

How Helpful Was This Article?

 

Related Content

Generative AI and risks to CPA firms
Generative AI and risks to CPA firms
Cybersecurity is a necessity for CPA firms who accelerated their digital transformation during the pandemic and are now particularly vulnerable to an attack.

Related Products

Professional Liability Program for CPA Firms
Professional Liability
Learn More

Assistance with the associated legal and defense fees in the event of a lawsuit for errors and omissions.

Cyber Liability
Cyber Liability
Learn More

Replace lost income and cover expenses caused by data breaches involving sensitive customer data.

Specialty Coverage for AICPA Member Firms
Specialty Coverage
Learn More
Protect your firm and your employees from errors and omissions in the performance of your professional services.
About Aon
 
Aon (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the clarity and confidence to make better risk and people decisions that help protect and grow their businesses.
 
Follow Aon on LinkedInXFacebook and Instagram. Stay up-to-date by visiting Aon’s newsroom and sign up for news alerts here.
 
©2024 Aon plc. All rights reserved.

Aon is not a law firm or accounting firm and does not provide legal, financial or tax advice. Any commentary provided is based solely on Aon’s experience as insurance practitioners. We recommend that you consult with your own legal, financial and/or insurance advisors on any commentary provided herein. All descriptions, summaries or highlights of coverage described herein are for general informational purposes only and do not amend, alter or modify the actual terms and conditions of any relevant policy. Coverage is governed only by the terms and conditions of such policy. Insurance coverage in any particular case will depend upon the type of policy in effect, the terms, conditions and exclusions in any such policy, and the facts of each unique situation. No representation is made that any specific insurance coverage would apply in the circumstances outlined herein. Please refer to the individual policy forms for specific coverage details.

The information contained in this document and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity.

This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.

Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates.
 

AICPA Member Insurance Programs
1100 Virginia Drive, Suite 250
Fort Washington, PA 19034

Plans

Education + Resources

Legal

Quick Links