Accounting firms have a wide range of opportunities to provide cybersecurity services was the message as a session at the AICPA Engage conference last month. Steve J. Ursillo, a partner with Cherry Bekaert, and Jim Bourke, a partner with Withum, told attendees that clients would prefer to receive such services from their CPA firm.“There is an opportunity with every single client,” Bourke said, who reported his firm had 100-percent growth in the cybersecurity arena over the last year. Moreover, Bourke noted, “Our largest line items are no longer audit, no longer tax. More often not, it’s cybersecurity engagements. It’s the biggest wins we see in our firm.”
And with unprecedented numbers of people working from home, security risk has increased, especially given the speed with which businesses had to respond to the need. “You had all sorts of controls that were by being bypassed,” Ursillo said. “Now, you have a situation in which the whole network may not be as secure as you thought.”
With home systems often less secure, criminals can take advantage of those weaknesses and when workers return to the office, the intruders can break into systems, he continued. “You had all sorts of controls that were being bypassed,’ he said.
The two advised firms to ask clients what kind of services they want and one group that has helped plumb client interest are the auditors. “The auditors actually drove our cybersecurity practice growth,” Bourke said.
Bourke urged attendees to gauge client needs from those their own firms have in preventing security problems. “Think about educating your clients around phishing attacks. We continually educate our staff about this,” he said. “If you are doing it yourself, you can monetize that.”
Both CPAs noted that firms need to hire employees with skills that are typically not the usual prospects for working in an accounting organization.
“Your team will be diverse,” Ursillo said. Cherry Bekaert’s cybersecurity practice is “very heavy with technology risk specialists.You are going to have a vast array of skills,” he continued. “It’s not going to be one person who knows it all.”
The two touted resources available to members of the AICPA’s Private Companies Practice Section as valuable in educating themselves about setting up and running a cybersecurity practice. Ursillo pointed to PCPS Cybersecurity Toolkit as an important tool. That includes, “A CPA’s introduction to Cybersecurity.”
