Selling Security and Compliance Services to Financial, Legal, and CPA Markets

Back to Blog
Worawee Meepian

Selling Security and Compliance Services to Financial, Legal, and CPA Markets

The financial and legal industries are among the most highly regulated in the country – typically bound to both government laws and industry regulations. Yet, financial firms expose more than 60 percent of all leaked records.1 A survey conducted by the American Bar Association (ABA) revealed that 36 percent of firms harbored systems infected with malware.2

Law firms, certified public accountants (CPAs), and financial institutions often have clients who manage high-value data for their clients – such as accounting firms that serve healthcare organizations. If the accounting firm gets hacked, the healthcare organization must notify all its patients of the breach.

With risks of this magnitude, businesses in these sectors need formidable cybersecurity and data protection. And they need MSPs who can provide it.

So how do you land new accounts? Learn what type of services they offer, who are their clients are, and what drives their business. You must also learn their cybersecurity competency:

  • Do they understand their industry regulations?
  • Do they know and follow cybersecurity best practices?
  • Do they realize the repercussions of non-compliance?

Financial organizations bear an enormous load of cyber and data laws through regulating entities such as Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), and the Federal Financial Institution Examination Council (FFIEC). If the institution processes credit cards, they must also observe the Payment Card Industry (PCI) Security Council Standards.

Law firms must effect reasonable efforts to guard against the inadvertent or unauthorized disclosure of client information. In the not-so-distant past, most court and client documents lived on and were managed via hard copies. But now most case information is filed electronically, adding an additional dimension to firms’ cybersecurity needs.

The competency standard is another modern cyber twist for attorneys. This mandates that lawyers can only take on cases for which they are qualified. For example, a divorce attorney could not handle a murder trial. But now, understanding cybersecurity and the risks of technology are part of competency requirements. Lawyers must either prove they possess an acceptable level of cybersecurity knowledge or hire an expert to assist.

CPAs share similar ethics and confidentiality standards as attorneys as they handle sensitive client financial and tax information – personal or corporate. Their major governing institution is the American Institute of Certified Public Accountants (AICPA), but they must also satisfy financial and tax regulations and any regulations of their clients’ industry.

Not only can a single data breach jeopardize an attorney’s or a CPA’s ethical, confidentiality, and competency standings, it can also obstruct court filing deadlines, tax filing deadlines, and threaten the client relationships. Reputation is a driving force in these sectors. No one wants a lawyer or accountant with a history of cybersecurity fumbles.

For all three of these vertical markets, you must get to your clients to understand the full breadth of their cybersecurity needs. Opportunities exist for both security managed services and compliance services. You can evaluate their cybersecurity competency and help them realize their risks. Your services can deliver more robust security to protect their data and increase up-time and productivity. Compliance services not only ensure they comply with regulations but also provides the required documentation of policies and procedures that proves an organization is doing what’s necessary to protect the data.

Request a free demo for Compliance Manager today.


  1. More than 60% of All Leaked Records Exposed by Financial Services Firms, Security Magazine, 2019
  2. American Bar Association Tech Report 2019