A holistic approach is key for cybersecurity within professional services firms

ARTICLE | May 30, 2024

Authored by RSM US LLP

Cybercriminals balance their desire for big paydays with the odds of success. Many large law firms, consultancies and ad agencies tend to have strong cybersecurity, so hackers often target the smaller professional services firms they perceive as more vulnerable.

While firms of all sizes are taking cybersecurity seriously, their drive to protect digital assets does not always line up with their resources, says Michael Gerlach, an RSM partner and professional services senior analyst.

“The bigger firms have policies, testing, training, cyber insurance and tools that you would expect,” Gerlach says. “But as you move farther downstream, it gets a little less refined. Smaller firms typically have less of a cyber strategy.”

Because of limited resources, those firms often make do with what they have, he says, adding that he has observed a “hodgepodge approach” that frequently relies on a mix of third-party providers.

Regardless of an organization’s size, leaders need to understand how their data is stored and identify weak spots in their systems, says Gerlach, who advocates a holistic approach to cybersecurity that takes into account all of an organization’s systems. That can be a tough transition for professional services firms, which often have decentralized leadership and disparate workstreams.

“Some firms say, ‘Let’s go down the AI path’ or ‘Let's go down the cloud path,’ and that’s good,” Gerlach says. “But with each investment in technology, you also have additional risks and exposure that you need to address. It’s a matter of ensuring that professional services firms are being diligent about the changes in cyberthreats and working to mitigate them.”


Source: RSM US LLP.
Reprinted with permission from RSM US LLP.
© 2024 RSM US LLP. All rights reserved.

RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent assurance, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit for more information regarding RSM US LLP and RSM International.

Vasquez + Company LLP has over 50 years of experience in performing audit, tax, accounting, and consulting services for all types of governmental entities, nonprofit organizations, private companies, and publicly traded companies. We are the largest minority-controlled accounting firm in the United States and the only one to have global operations, and we are certified as an MBE with the Supplier Clearinghouse for the Utility Supplier Diversity Program of the California Public Utilities Commission.
