Cybersecurity Advisory Practice

Aug 15, 2021 | CPA Blog

Cyber attacks have become a common topic within the media with companies facing ransomware attacks, individuals facing identity theft, hacking, email scams, and so much more. The cyber world is full of risks, but there also lies great opportunity for those looking to help mitigate the risks for themselves and others.

Due to this continuously growing environment of risk, accounting and financial professionals may consider cyber security advisory practices as another opportunity to grow their business.

This raises the question: what skills and knowledge are needed to be successful with a cyber security advisory practice, and what services would that entail offering?

To enter the cyber security advisory industry, a company or firm would first need a well-thought-out business strategy. First, it's important to consider the knowledge already within the firm and what areas of expertise the firm would like to cover. Second, the firm would need to consider the steps necessary to fill in the gaps in knowledge and expertise.

Developing a strategy tailored to the firm, and to what the firm already knows and offers, could help the company with important considerations about the cyber security advisory options it can offer.

Firms looking to offer cyber security advisory services should have someone in top-level management, such as a partner or leader, with the drive and knowledge to build and manage the practice. That person should already have the skills and abilities to practice in the cyber security arena.

Among the entrepreneurially spirited firms looking at this opportunity, many are considering the knowledge currently within their firm, while others are seeking out knowledgeable individuals to bring in and build out this area.

For mid-level management, this could be an opportunity for those who already have strong related skills, and an understanding of cyber security, to apply these skills in an advisory practice. Most of these individuals will already have experience with cyber governance and other technical aspects required for offering advisory services, providing them with the chance to hone their skills and develop more cyber security options for the company in the future.

As for staff members, hiring entry-level, bright-minded individuals with a passion for cyber security will also help build the practice, as these individuals will embrace a strong understanding of technology, risk, control, and cyber security.

The important point about considering cyber security advisory services is the variety of options a firm can offer. For example, implementation and support, architecture reviews, governance matchup, other framework matchups, penetration testing, incident response, and establishing protocols are a few areas a company could focus its cyber security practice on.

Considering the fact that CPA firms already have a level of IT risk and control mechanisms in place, the opportunity to offer these advisory services is often already established for many firms. These services have the potential to build into more opportunities and increase service options as the firm's resources, knowledge, and skills continue to grow within their cyber security advisory practice.

A short, non-comprehensive list of services that a firm may offer:

  • Financial Reporting Controls
  • Cyber Compliance
  • Architecture Consulting
  • Penetration Testing
  • Employee Awareness Training
  • Cloud-Based Technology Services
  • Identity Access Management
  • Software Development Life Cycle
  • Transaction Advisory
  • Incident Response
  • Breach Coaching

Another option could be to build on the firm's current expertise by partnering with other firms that provide those services, or to consider expanding to provide them.

As you can see, there are many paths to choose from. As accountants are typically ensconced in an environment that addresses risk, growing a firm that offers this type of risk relief can be a smart move for those interested in cyber security.