RALEIGH – Data breaches such as the massive one at T-Mobile are wearing on the minds of Americans, a new survey finds.

A July study from IBM Security found that the average cost of a security breach to a company was $4.24 million per incident, and a study released this week from the Association of International Certified Professional Accountants (AICPA) reports that 89% of Americans are concerned about the ability of businesses to safeguard their financial and personal information.

This week, T-Mobile confirmed a data breach had occurred after hackers told Vice they were selling customer information.  The company later announced on its website that the breach could affect as many as 850,000 prepaid customers, 7.8 million postpaid subscribers, and more than 40 million past or prospective customers who have applied for credit with T-Mobile.

The AICPA study, which analyzed survey data from a survey conducted earlier this year by The Harris Poll, also found that 49% of Americans are either very concerned or extremely concerned about the ability of businesses to protect their privacy.

“Cybersecurity has been an increasingly important consideration for the finance function over the past decade and it is now critical that every CFO is directly involved in the effective management of this significant risk,” said Ash Noah, CPA, FCMA, CGMA, and AICPA vice president of CGMA External Relations in a statement. “These breaches erode customer trust, have a devastating impact on reputation and a tangible impact on the bottom line. Understanding cyber risks and ensuring that organizations are devoting enough resources to mitigating them needs to be a top priority for all finance teams.”

Data breaches also affect customers in their personal lives.  19% of respondents said they’d been a victim of identity theft, according to the recent poll from AICPA.

T-Mobile: Data breach affects more than 40M people

“Data breaches are becoming alarmingly routine, costing companies and individuals each time,” said Rich Vera, CPA, CITP, and member of the AICPA’s CITP credentialing committee in a statement.  “And while hackers are continually finding new ways to access secured information, there are many things companies and individuals can do to better safeguard their information and minimize any potential damage a data breach can cause.”

But the AICPA also advises that CPAs can play a role helping their companies and clients protect against cybersecurity threats, due to a CPA’s perspective on all functions and operations of a business.

CPAs can help organizations better identify and mitigate cybersecurity risks, the AICPA noted.  The association provides a risk management reporting framework, which it calls System and Organization Controls (SOC) for Cybersecurity, that businesses may be able to use to assess risk.