VIEWpoint Issue 1 | 2022
Brief Insights | Meeting Provider Relief Fund Reporting Requireme...
VIEWpoint Issue 2 | 2021
2022 Q4 Tax Calendar: Key Deadlines for Businesses and Other Empl...
Ask the Advisor: Key Tax Incentive Changes
Weathering the Storm of Rising Inflation
As businesses and not-for-profit entities increasingly rely on technology, cyberthreats are becoming more sophisticated and aggressive. Auditors must factor these threats into their risk assessments. They can also help you draft cybersecurity disclosures and brainstorm ways to mitigate your risk of an attack.
How much does a data breach cost? The average has reached an all-time high of $4.35 million, according to the newly released “Cost of a Data Breach Report 2022.” The report, published by independent research group Ponemon Institute, also found that 83% of respondents have experienced more than one data breach.
Another key finding is that the average cost of a data breach increased by roughly 13% during the pandemic. Why? One reason is the increase in remote working arrangements. Many organizations now have sensitive data stored in more places than ever before — including laptops, cloud-based storage, email, portals, mobile devices and flash drives — providing many potential areas for unauthorized access.
Ransomware attacks are also on the rise, in part due to geopolitical instability. According to the study, ransomware attacks were up 41% in 2022 compared to the previous year. These attacks cost organizations an average of $4.54 million per incident in 2022, excluding any ransom paid to the perpetrator. Ransomware attacks generally take longer to detect and contain than other types of data breaches.
Hackers may try to steal valuable information about your organization’s employees and customers. Examples include payment card data, protected health data and personal identifiable information, such as phone numbers, addresses and Social Security numbers.
Another target may be valuable intellectual property, such as customer lists, proprietary software, formulas, strategic business plans and financial data. These intangible assets may be sold or used by competitors to gain market share or competitive advantage.
As the frequency and severity of cyberattacks have increased, data security has become a critical part of the audit risk assessment. In recent years, the Public Company Accounting Oversight Board (PCAOB) has interviewed auditors of companies that have experienced a cybersecurity breach.
These interviews reveal that audit firms provide varying levels of guidance, both when assessing risk at the start of the engagement and when uncovering a cybersecurity incident that occurred during the period under audit or during audit fieldwork. For example, auditors usually ask management what’s being done to understand, detect and prevent computer system breaches.
Another key finding of the PCAOB research is that the costs associated with cybersecurity breaches may not always be apparent. A major cybersecurity breach can cause more than lost profits; it may also result in a loss of customers, reputational damage and even bankruptcy.
Though PCAOB’s research focuses on public companies, any organization can be the victim of a cyberattack. And the effects may be even more devastating for those with fewer resources to absorb the losses and assign dedicated staff to respond to breaches. Doeren Mayhew’s IT and cybersecurity advisors stay atop the latest cybersecurity trends. We have a suite of cybersecurity services, including our CYBERCLAW® assessment, to help your organization assess its cyber risks and improve the effectiveness of internal controls over sensitive data. Contact our IT and cybersecurity advisors to get your assessment scheduled today.
This publication is distributed for informational purposes only, with the understanding that Doeren Mayhew is not rendering legal, accounting, or other professional opinions on specific facts for matters, and, accordingly, assumes no liability whatsoever in connection with its use. Should the reader have any questions regarding any of the news articles, it is recommended that a Doeren Mayhew representative be contacted.
A quick registration is required to view our resources.
You will only be asked to do this one time (unless you don't save your browser cookies).