Cybersecurity losses are showing no signs of abating. If anything, they’re becoming more frequent, not to mention more expensive. To illustrate the cybersecurity threat, consider just one example: data breaches. The average cost of a data breach in the US exceeded $7 million in 2018, compared to a global average of $3.86 million, according to research from IBM. So, while the US has taken the brunt of the losses, the problem goes beyond the US and is becoming a true global phenomenon.
Faced with the grim reality of data breaches and other cyber threats, cybersecurity specialists and forensic accountants are becoming fast friends, working to unravel both the sources and costs of specific cybersecurity-related losses. As would be expected, insurance companies are also relying heavily on the expertise of forensic accountants to validate claims.
How much did the cyber breach really cost the affected company? This is the fundamental question the forensic accountant must answer. To do so, they often must cross the boundaries of accounting, information technology, law enforcement, and business management.
The role of the forensic accountant in cybersecurity loss valuations:
Forensic accountants are increasingly working side by side with cybersecurity teams to investigate, quantify, and report the financial impact of data breaches and cyber-attacks. They will dig into source data, analyze accounting systems and processes, and delve into the technologies used to manage organizations. Their educational background and skill sets make them uniquely qualified to investigate and valuate cyber losses. You will find forensic accountants with degrees in accounting, CPA certifications, Certified Forensic Accountant (CrFA) certifications, and Certified Fraud Examiner (CFE), Certified Valuation Analyst (CVA) or Certified Fraud Specialist (CFS) designations.
The causes of and stakeholders involved in cybersecurity incidents differ from case to case, and forensic accountants are poised to investigate the losses from a variety of perspectives. They frequently work on behalf of breached companies or their insurers to quantify damages stemming from lost revenue, tangible assets, or business reputation. They also commonly serve in a defensive capacity to strengthen a company’s case against class action suits. By carefully analyzing data sources they may find, for instance, that certain plaintiffs don’t belong in the class or that the source of compromised data was from a third-party database.
Forensic accountants also operate on behalf of plaintiffs in class action suits, where the main objective is to document a correlation between breached data and actual financial harm to the plaintiffs. This requires them to mine numerous data sources to find and connect the “financial breadcrumbs” needed to establish injury. They wade through volumes of data – from internal databases to consumer financial records to third-party databases — to uncover key, and often minute details that will support their case.
In all these roles, the forensic accountant will provide litigation support to the client, ranging from reports and documentation to expert witness testimony. Their goal with each case is to transform complex financial information into clear, fact-based evidence.
Cybersecurity threats aren’t going away anytime soon, but knowing you have access to a forensic accounting professional should provide some peace of mind. If you think you might benefit from the services of a qualified financial forensics professional, contact us.