CPAs have a great opportunity to solidify their role as the trusted advisor for the next generation of businesses by adding cybersecurity as a core competency. The AICPA is increasingly recognizing the need for CPAs to evolve and assist their clients with mitigating cyber risks. The AICPA has introduced a new System and Organization Controls (SOC) for Cybersecurity engagement, through which a CPA provides assurance regarding a company’s cybersecurity program to board members, senior executives and external stakeholders. CPAs should get educated about cyber risks and proactively discuss them with their middle-market clients. Specifically, CPAs should watch out for the following six cybersecurity pitfalls for their clients.
Pitfall #1: Not understanding ‘why?’, or not understanding your cyber risks
Many companies have not performed a formal cyber risk assessment, which makes it difficult to develop an appropriate response to those risks. What kind of data is being protected? What cyber threats will