Cybersecurity Resource Center 

Malicious cyberattacks against public and private companies and various agencies of the federal government have highlighted the growing cybersecurity risk to organizations of all sizes, in all sectors. As trusted advisors, CPAs play a multifaceted role in cybersecurity risk management by:
  • Protecting client and customer data: With cybersecurity attacks on the rise, CPA firms and businesses of all sizes must increase their awareness of potential internal risks and take proactive steps to safeguard valuable client and customer information.
  • Advising clients:  CPAs, especially those with a specialization in information technology, can share their expertise and best practices with clients, helping them address risks associated with cybersecurity. 
  • Providing assurance: As trusted business advisors, CPAs are uniquely positioned to provide an examination on an entity’s cybersecurity risk management program to help instill confidence in an entity’s efforts to address cybersecurity risks. 

Navigate the Cybersecurity Resource Center
Learn how CPA finance executives and accounting firms can manage cybersecurity challenges, and access cybersecurity news, information, events and resources developed by the AICPA.

Featured Resources - Access the latest cybersecurity resources and learning opportunities.
Resources - These key resources can help you better understand cybersecurity issues and solutions. 
CPE and Events - Link to available cybersecurity learning opportunities.
News and Articles - Read news about cybersecurity and how it affects businesses and clients.
Other Related Resources - Find additional cybersecurity information through these related resources. 

Featured Resources

  • From the Private Companies Practice Section (PCPS): A CPA's Introduction to Cybersecurity (available exclusively to AICPA members), the first piece of the PCPS Cybersecurity toolkit, helps practitioners understand the cybersecurity risks they and their clients face, and summarizes cybersecurity policies and practices that every CPA firm should have in place.
  • To help businesses and organizations report on their cybersecurity risk management efforts, the AICPA's Assurance Services Executive Committee (ASEC) has exposed two sets of criteria:
    • Proposed Description Criteria for Management's Description of an Entity's Cybersecurity Risk Management Program 
    • Proposed Revision of Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy 

In addition to these exposure drafts, you can find a number of other helpful resources including a backgrounder on the AICPA's upcoming cybersecurity engagement, a mapping of the Proposed Trust Services Criteria and the AICPA's input to the Commission on Enhancing National Cybersecurity on



    CPE and Events


    News and Articles

    See more cybersecurity news and articles.

    Other Related Resources


    Trust Services

    Service Organization Control Reports®

    The Institute of Internal Auditors (IIN)

    A A A

    Copyright © 2006-2017 American Institute of CPAs.