Fiduciaries: Why your data is the ideal target for cyber criminals and how to protect it

Fiduciaries hold a considerable volume of critical financial and personal data. Hacking a fiduciary means gaining access to dozens if not hundreds of companies’ data in a single attack.

The risk is real and specific to your activity:

• The domino effect: An attack on your system spreads immediately to your clients’ data, exposing them to fraud, delays in VAT and social contribution payments, and to legal proceedings.
• Reliance on service providers: Your reliance on hosting providers and business software (accounting systems, shared cloud platforms) carries the risk of a domino effect. If a shared service provider is attacked, the impact has repercussions throughout the chain.
• Regulatory impact: In the event of a violation, the obligations associated with the GDPR, and the risks of sanctions from the CNPD (the National Commission for Data Protection) in Luxembourg can be considerable, incurring professional civil liability and altering your firm’s reputation for years to come.
• Furthermore, the NC3, Luxembourg’s National Cyber Security Centre, has warned of increased targeting of critical subcontractors of big companies, a category that fiduciaries certainly belong to.

Let’s imagine the following scenario:  a fiduciary is infected by malware which exfiltrates its clients’ sensitive financial data. Although the intrusion is detected, the data is put up for sale on the dark web. The fiduciary then finds itself having to deal with a crisis of confidence, reporting obligations and threats of legal proceedings from its clients.

In this scenario, easyPRO Cyber insurance would have covered the following costs:

• Emergency support: €720
• Notifying clients and authorities: €5,000
• Recovery of the exfiltrated data: €20,000
• Civil liability (damage to third parties): €80,000
• Monitoring the compromised data: €10,000

This example illustrates the extensive costs that a fiduciary can incur without adequate cover.

Successful cyber attacks can paralyse a fiduciary’s activity, putting its very existence at risk in a profession that is founded on rigour and trust.

• Blocked accounting systems: Encoding or compromising management software and tax declaration tools leads to delays in accounting and tax obligations, which directly penalises clients.
• Theft of ultra-sensitive data: Accounting balance sheets, IBANs and tax data can be sold or used for fraud that targets your clients.
• Loss of confidence: A leak of confidential information can permanently damage customer relations and incur the fiduciary’s professional civil liability.
• Regulatory and legal consequences: Fiduciaries expose themselves to complaints, sanctions from the CNPD and costly litigation.

In the face of this increased threat, a simple response is no longer adequate. You have to adopt a structured strategy, based on three essential pillars and implemented concretely by the easyPRO Cyber solution: Anticipate, Respond and Repair.

1. Anticipate: Proactive prevention

The easyPRO Cyber approach begins way before an incident occurs. It starts with a free cyber security scan, which gives you a precise score for the level of vulnerability of your organisation. This diagnosis allows you to identify weaknesses before they can be exploited, thus significantly reducing the risk of attack.

Thanks to the Dattak Defense platform, the insured party benefits from continuous surveillance and real-time alerts to detect anomalies, a useful addition to your usual IT service providers. The approach also includes advanced audits and simulated phishing campaigns, designed by experts, to raise your employees’ awareness of human errors, which are often the main cause of intrusions. 

2. Respond: Immediate intervention 24/7 

When an incident occurs, every minute counts. easyPRO Cyber is supported by its partnership with Dattak to mobilise more than 50 specialists (cyber, legal and crisis management experts) who can intervene 24/7. The response time is under 2 minutes. This responsiveness allows you to contain the attack, to secure your systems and to manage crisis communication so that you can preserve your organisation’s reputation. The support also covers regulatory notifications and the associated costs, ensuring comprehensive assistance when dealing with events such as email fraud, cyber extortion or a data breach.

3. Repair: Financial protection and continuity

The solution reimburses any losses suffered, allowing you to deal with the consequences of the attack more calmly. Cover includes:

• Restoration of your systems and data.

• Operating losses calculated based on the peak of your activity (and not the usual average), vital for high-demand periods.

• Ransom negotiation costs in the event of cyber extortion.

• Legal defence costs and related procedures if a third party (patient, partner) is impacted.

Furthermore, easyPRO Cyber offers you the freedom to retain your trusted service provider in the event of an incident. Their fees will be paid once the quotes have been validated, allowing you to work with an IT expert you already know, while benefiting from insurance protection.