Cyber Security Awareness Month is a good opportunity to reflect on the shift to digital tax processes under MTD and the new challenges it brings, according to Sarah‑Jane Owen, ICAEW's PII and Regulatory Manager.
“Firstly, it’s crucial for practitioners to understand how your insurance responds to these evolving risks,” says Owen. “ICAEW’s minimum professional indemnity insurance (PII) terms remain robust, covering claims in connection with 'professional business' including those linked to MTD.”
The cyber exclusion in ICAEW’s minimum PII wording is specific and applies only to first-party losses following a cyber event, such as your own costs. This means PII should still respond to client claims for professional negligence. However, ICAEW’s PII Committee recommends that accountants assess the benefits of separate cyber insurance, which can address gaps like business interruption or system restoration.
Why consider separate cyber insurance?
“While PII provides vital protection, it is not designed to cover all the risks associated with cyber incidents. Cyber insurance can plug important gaps”, explains Owen. Such insurance can cover:
- Restoring data and systems: If a firm is hit by ransomware and files are encrypted, cyber insurance can pay for IT specialists to restore systems and recover data.
- Business interruption: If a cyber-attack takes systems offline during a key MTD filing period, cyber cover could compensate for lost income and extra costs incurred to keep your business running.
- Incident response and notification: If client data is compromised, cyber insurance can provide access to legal and PR experts to help practitioners comply with notification requirements and manage reputational damage.
As part of Cyber Security Awareness Month, ICAEW has published a guide on what you should be looking out for when choosing cyber cover.
Four practical steps
As the risk landscape evolves, including the expansion of MTD, it’s important to take a proactive approach to managing professional and cyber risks.
“By putting the right measures in place now, you can help protect your firm, your clients, and your reputation,” says Owen. ICAEW recommends the following steps to support practices while they navigate MTD and the increasing digitalisation of tax and accountancy services:
- Have a cyber strategy: Every firm should develop and maintain a cyber strategy. ICAEW has outlined the essentials of a good cyber strategy, setting out best practice, including the importance of clear leadership, understanding your risks, preparing for incidents, and supporting staff.
- Talk to a broker: Insurance brokers can explain the benefits of cyber policies and how they complement PII. They can advise on the right level of cover for your firm’s size and risk profile.
- Engagement terms: Make sure engagement letters clearly set out what services are being provided, your responsibilities, and any limitations, especially regarding the use of third-party software and digital submissions.
- Prepare for incidents: Have procedures in place for responding to a hack or system failure, including backup protocols and client communications.
By understanding the strengths and limitations of PII and cyber insurance, practitioners can make informed decisions about their risk management.
“Taking proactive steps now, such as reviewing policies, updating procedures, and consulting with a broker, will help ensure your firm is resilient and well-protected as MTD becomes the norm,” says Owen.
Cyber security: ICAEW guidance
Recent high-profile cyber attacks, such as the incident affecting Marks & Spencer, have highlighted that no organisation is immune to cyber threats.
ICAEW strongly recommends that all firms, regardless of size, develop and maintain a robust cyber strategy and ensure staff are aware of the latest risks.
ICAEW has published a host of resources in support of Cyber Security Awareness Month to help members strengthen their cyber resilience, including:
- A podcast examining how to bounce back from a cyber attack
- Case study: how Microlase recovered from a cyber attack
- Stay safe in the digital era: password security
- Hackers almost breached this firm’s systems. Here’s what they learned.
Browse all ICAEW resources on cyber security and see information on ICAEW requirements relating to PII.
ICAEW PII requirements
Professional indemnity insurance is compulsory for all ICAEW members who have a practising certificate and engage in public practice.