In today’s ever-changing business landscape of increasingly regulated and cyber-threatened environments, Information Security (IS) incident response (IR) planning is no longer a “nice to have” – it is a business necessity, especially for small and medium-sized businesses.
In 2025, cybersecurity ranks as the second biggest business threat for small and mid-sized businesses. Nearly 43% of cyberattacks target small and medium businesses, yet only 14% feel adequately prepared to defend against them.
Despite the prevalent risk, many organizations, especially those outside of the traditional technology sector, continue to put Information Security and Incident Response planning on the back burner.
Recently, Synergy Technical partnered with a mid-sized accounting firm to conduct a comprehensive assessment of their Information Security Plan (ISP) and Incident Response Plan (IRP). While accounting firms are adept at handling sensitive financial and tax data, it is common to prioritize daily service delivery and client data accuracy over formally defined and communicated security protocols. That is, until an incident occurs.
Synergy Technical’s objective in this recent engagement was to evaluate the firm’s current security posture, as outlined in their ISP and IRP documents, against industry best practices and regulatory expectations. This included but was not limited to NIST, CIS, ISO standards, and relevant IRS publications (e.g., 5708). The result was an actionable gap analysis targeted at improving the organization’s ability to define, detect, respond to, and recover from security incidents.
Our assessment revealed several high-risk areas that are all too common among professional service firms:
Beyond gap identification and analysis, the value of this project came from translating our findings into clear, prioritized next steps. Collaborating with the firm’s internal IT and leadership teams, we:
The result of these actions? A comprehensive assessment of the firm’s present risk exposure, enhanced operational preparedness, and improved maturity in governance, incident response, and cybersecurity.
The completion of this project underscores a broader trend we are seeing across many industries. Organizations that do not view themselves as ‘tech companies’ often underinvest in security preparedness. Yet cyber and security incidents do not discriminate by industry or by the size of your organization.
In 2025, 43% of all cyberattacks targeted small and mid-sized businesses, with over 50% of those companies experiencing at least one breach in the past year. The financial impact is staggering: each incident costs between $84,000 and $148,000 on average, and 60% of affected businesses shut down within six months. (Source: SpyHunter 2025 Cybersecurity Stats)
Modern threat actors actively target companies that handle sensitive client data, especially those in financial services, legal, and healthcare – regardless of their technical footprint. An up-to-date, well-understood, and actionable Information Security Plan and Incident Response Plan cannot be treated as check-the-box exercises. They are foundational blueprints for business continuity and resilience. While these are by no means the only critical documents an organization should maintain, these plans empower teams to respond decisively, limit damage, and recover efficiently in the face of critical threats to the business’s operations and reputation.
If your organization has not recently reviewed its information security or incident response plan – or worse, does not maintain these documents – we are here to help. Synergy Technical specializes in helping organizations assess, align, and strengthen their security posture based on real-world standards and business needs.
Adam Farnsworth is a seasoned cybersecurity and technology risk professional with deep expertise in managing complex projects, mitigating technology risks, and aligning technical execution with strategic business goals. As a Senior Technical Project Manager at Synergy Technical, he leads cross-functional initiatives focused on secure solution delivery, risk management, and process optimization. Prior to this, Adam spent over five years at Ernst & Young (EY), advancing from Consultant to Manager while spearheading IT audits, SOX compliance programs, and internal control enhancements across various industries. He holds a CISA certification and a degree in Business and Computer Information Systems Security from James Madison University, bringing a strong technical and analytical foundation to every initiative.