The average data security breach takes less time to pull off than it does to prepare a cup of coffee. That’s according to Verizon’s 2016 Data Breach Investigations Report, which found that 93% of successful breaches occur in less than one minute. More alarmingly, the same report found that 80% of businesses take weeks to discover that they’ve been hacked.

In light of these discoveries, it’s more important than ever for accountants, attorneys, and other professionals to make sure their client data is as secure and protected as possible. Below are some of the things that could happen if it isn’t.

Legal Fees

If your clients’ private financial data is compromised, you will have to prove to a court that it is not due to your firm’s negligence. Whether or not this is true, the legal fees will still pile up as you attempt to prove your case. If you are found to be guilty (which, if you are exchanging sensitive data through email, will probably be the case) you’ll incur fines, as well.


As we stated above, if you have not used a secure client portal or other security measure to protect your client data, you will very likely be found to be in violation of your firm’s duty of care, and you will be fined. While we can’t predict the actual amount, we know that courts have become more and more severe with penalties in recent years. For instance, Uber’s poor handling of its 2016 breach has cost it close to $150 million, the biggest data-breach payout in history. More recently, Duke Energy was fined $10 million for cybersecurity failures on its electrical grid.

Reputation Damage

By reputation damage, we don’t just mean embarrassment, though that’s certainly a part of it. But more importantly, when your firm’s reputation is damaged, you lose revenue—a lot of it. Your current clients may no longer trust you, and decide to take their business elsewhere. And potential clients trying to choose a new firm will likely choose an alternative option when they read about what happened to yours. Your firm’s reputation is your greatest sales asset; when it’s damaged, it can be difficult or impossible to restore.

Theft of Finances  

Accounting firms and law firms are among the most popular targets for hackers for a good reason: they’re rife with sensitive client information, like billing data. However, some hacks aren’t after your client information, but you. Though it isn’t the most likely scenario, it’s always possible that a cybersecurity breach will simply deplete your bank account. Even though this would get you off the hook regarding client litigation, however, it still could mean the end of your firm.

Damaged Shareholder and Investor Relations

This might not apply to small businesses, but it still bears mentioning. Once a data security breach occurs, it’s usually followed by a precipitous drop in the company’s perceived value. Negative press can fuel a “sell now” groupthink, which then escalates, much like an old-fashioned bank run. This is especially true for smaller companies that don’t have the corporate infrastructure or brand recognition to keep things afloat in the wake of an attack.

Investors and shareholders want their money to be safe with a company they feel they can trust. When that trust is lost, reversing the damage can be very difficult. Unfortunately, a large percentage of businesses that suffer a major data breach never completely recover their value.

How to Protect Your Client Data

In order to avoid the consequences listed above, it’s crucial to invest in practice management software that can keep your data safe and secure. A client portal provides a single, secure place for clients to share information, receive updates, and engage with your team. To learn more about ImagineTime’s client portal and other software for accountants, give us a call today.

Related Posts