The CPA. A respected professional who corrals numbers and wrangles through tangled IRS red tape and mercilessly mutable regulations to help his clients manage their finances and tax returns. Some offer specialty services, such as tax incentive and credit claims, to further assist their clients with money-saving tax breaks.

Recently, a nation-wide call for a new tax credit has begun to crescendo. A tax credit whose need resounds off conference-room walls and pervades many a cybercrime discussion. And it would not only benefit CPAs’ clients but the most directly, CPAs: a cybersecurity tax credit.

The Cost of Cybercrime

A 2018 report conducted by McAfee and the Center for Strategic and International Studies (CSIS) revealed that cybercrime now racks up costs close to $600 billion – 0.8 percent of the global GDP. And there’s no sign of decline. The black hats are after everyone.

Nevertheless, a Hiscox survey discovered that 47 percent of small businesses suffered at least one cyberattack within the past year. To the average tune of $34,604. Even more troubling: 44 percent of those, experienced two to four hits. ¹ Cyber-lightning can strike twice – even thrice.

Why are small-business cyber stats relevant here? A copious amount of CPA firms classify as ‘small’: reportedly 41,600 out of approximately 42,000 total firms in the U.S.

These are firms that employ less than five staff with revenues less than $600,000. ³ Another report has suggested that 50 percent of small firms walk away with only $160,000 in revenue and a meager $64,000 to $80,000 in profits. ⁵

Cyber-Budget Blues

Depending on the firm’s financial obligations, that’s not a lot of extra cash or manpower to delegate to cybersecurity. Many smaller practices naively depend on outdated security software and cybersecurity elements native within apps and devices, which have proven an easy meal for hackers.

But the data that CPA firms store and manage are far too sensitive and revealing to be left to the constraints of small firms’ own financial devices – because the information is far too enticing to the wild, wild web villains.

Banking numbers, income and tax information, identifying data - such as social security numbers, addresses, emails, phones numbers - all together a virtual jackpot for perpetrating identity and financial theft.

A cybersecurity tax credit could help small CPA practices build better cyber armor to protect their data - and ultimately their clients. The money returned in tax credits could be reinvested back into more robust software, hardware, cybersecurity training for employees, and maintaining an overall formidable cyber defense system.

State of Cyber Initiative

Incentivization has begun to move at the state level. New York City made a call to the cybersecurity community for “new, affordable and scalable solutions to protect New York’s small and mid-size business from cyber-attacks.”³

And Maryland devised three programs to motivate: the small business-minded “Buy Maryland Cybersecurity Tax Credit,” the Cybersecurity Investment Incentive Tax Credit,” and the “Maryland Defense Cybersecurity Assistance Program (DCAP)”. Other states are also reportedly developing their own incentives.

Here’s hoping the federal government will jump on board soon.

Plea for Cyber Protection

As long as electricity flows through our outlets and the Internet connects us, we will fight faceless foes in a battle to protect our data.

And many small businesses – like modest CPA firms – stand as the most vulnerable yet possess fewer resources to safeguard themselves appropriately. Perhaps the federal government will answer the nation’s call for backup and establish a cybersecurity tax credit.

1. It’s time for the federal government to incentivize cybersecurity, Accounting Today, 2019
2. The Trusted Professional, NYS Society of CPAs, 2016
3. Art of Accounting: The Future of the Small Firm, Accounting Today, 2016
4. 2018 Hiscox Small Business Cyber Risk Report, Hiscox, 2018
5. Small CPA Firm Profitability, Evergreen Small Business, 2017