Most tax professionals believe they are inadequately protected from cyber crime-related risks, according to a recent poll of National Association of Tax Professionals’ (NATP) members.
The NATP survey of 633 tax professionals polled at the association’s annual conference in Phoenix reveals that fewer than four in 10 attendees (36 percent) are familiar with the risks posed by cyber incidents, such as data theft, identify theft and computer viruses. A bare majority of the respondents (51 percent) are somewhat familiar.
When asked which cyber incidents are of greatest concern to their business or organization, nearly one-third (30 percent) of the attendees flagged data theft (e.g., of customer information). An additional 20 percent identified computer viruses.
Fewer respondents pointed to business interruptions (6 percent) and intellectual property theft (2 percent). But four in 10 (40 percent) said all of the above risks were of greatest concern.
Only 15 percent indicated they have cyber liability insurance coverage. And just one in three (33 percent) of the those polled report having a written business continuity or disaster recovery plan.
When asked how confident they are that their business has adequate insurance coverage to protect against cyber crimes, attendees answered as follows:
Very confident: 20 percent
Somewhat confident: 45 percent
Not very confident: 25 percent
Not at all confident: 11 percent
The distribution of responses was similar when participants were questioned as to whether they have adequate insurance coverage to protect against insurable risks that can result in significant financial losses or cause them to go out of business:
Very confident: 36 percent
Somewhat confident: 40 percent
Not very confident: 18 percent
Not at all confident: 6 percent
“Tax professionals need to prepare to withstand an unexpected event given the sensitive data they work with on a daily basis,” said Travelers Executive Vice President Marc Schmittlein, who runs the company’s small business unit. “It is increasingly important to have a written business continuity plan in place to identify and mitigate potential threats to a business.”