Cybersecurity Experts & Forensic Accountants
Written by Tim Ball, CFE, Principal at The Bonadio Group, and John G. Roman, Jr., CISSP, CIO at The Bonadio Group
In the not so distant past, the threat of a person or people stealing money or assets from your business was limited to a lack of physical security or a malicious employee. Businesses utilized safes, video surveillance systems, internal controls and audits to keep their assets secure. This approach was typically enough to prevent an incident. Until recently, the mention of computer hackers conjured images of the hooded, sunglass-wearing characters portrayed in movies. The thought of someone gaining access to your computer systems and stealing money or data through the ‘world wide web’ was unheard of – but that’s no longer the case. According to data from Statista, the number of data breaches per year in the U.S. has nearly doubled in 10 years, rising from 656 in 2008 to 1,244 in 2018.
With new technology comes not only new opportunities but challenges and threats as well. One of the scariest threats of today and well into the future is cybercrime. With a hefty price tag and the threat of reputational damage to you or your business due to a breach that compromises valuable data, the impact of theft has risen exponentially since the days of a simple physical robbery or ‘cooked books.’ The advancements in technology for business and personal use, including mobile system access, the Internet, cloud storage, interconnected software systems and the collection of immense amounts of digital data, has led to elevated financial and reputational risk for users who don’t adequately protect their systems.
The increased dependence on the use of computer technology and its associated risks has created the need for advanced technology skills in the professional services industry. Cybersecurity experts and computer forensics, including penetration testers, chief information security officers (CISOs), incident responders and information risk consultants are part of a growing field of professionals that professional service organizations need. Out of necessity, government agencies, accounting firms, management consultancies and law firms have added experts to their ranks that specialize in cybersecurity investigations, enforcement of cybersecurity laws, electronic discovery, and breach litigation.
How has the dawn of the new cybersecurity industry affected the tried and true accounting industry, and more specifically the forensic accountant? Historically, forensic accounting has been a specialty service area where highly skilled forensic accountants perform interviews, gather data and financial information, and investigate allegations of fraud and embezzlement through the use of accounting and auditing techniques. Work is completed by analyzing financial statements, bank account activity, account variances and forecasts. Findings are often utilized by insurance companies, banks, law enforcement and government agencies to quantify the damages and identify the culprit.
These days, more and more often, cybersecurity experts and forensic accountants are working collaboratively to examine cybersecurity threats and investigate breaches. While cybersecurity experts are searching for the how and why, forensic accountants are searching for the “how much.” Forensic accountants will analyze accounting systems and processes affected in the breach, evaluate technologies in use by the organization and examine source data to investigate, quantify and report the financial impact of a data breach or cyberattack. Due to the wide variety of businesses and organizations that can be affected by cybercrime, forensic accountants provide the expertise needed to evaluate damages stemming from lost revenue, assets and even reputation throughout all industries. Oftentimes, forensic accountants may have to mine and analyze data throughout numerous data systems to connect the dots of the crime and connect the breach to a tangible financial loss.
Damages from a cyberattack are not only monetary in nature, but also come in the form of lost reputation, lost customer confidence, lost sales, lost data or even physical damage to infrastructure. Forensic accountants may need to analyze historical financial statements, historical company performance, product line performance, forecasts and projections to gain an understanding of the financial position of the company both before and after the cyberattack. The difference will assist the organization in calculating its loss and taking strategic actions towards recovery and prevention.
At FoxPointe Solutions, cybersecurity experts and forensic accountants have worked hand-in-hand for years as a single investigative team to gain a detailed understanding and perspective on what may be needed throughout a data breach investigation to quantify damages. Contact us to learn more.
FoxPointe Solutions is solely responsible only for the content of FoxPointe Solutions authored information and is subject to change at any time. Any forward-looking statements are not predictions. FoxPointe Solutions is not responsible for any errors or omissions, or for the results obtained from the use of this information. Questions regarding your legal or compliance position should be addressed through your legal counsel, security advisor and/or your relevant standard authority. Nothing contained herein should be used nor relied upon as advice nor constitute a consultant-client relationship.