PureCyber

Securing The Accounting Sector - 6 Steps to Building a Strong Cyber Security Posture In a Highly Targeted Industry

Small and medium-sized accounting firms are increasingly becoming prime targets for cyber criminals. These firms often lack robust data security measures, making them particularly vulnerable to attacks. Given that accounting professionals handle sensitive financial data, the reputational and financial stakes are high. Following our previous insight into the wider threat landscape of the professional services sector, we’re now putting the spotlight specifically onto the accounting sector.

Recent statistics underscore the urgency of improving accounting firms’ cyber posture. Since the onset of the COVID-19 pandemic, accounting firms have experienced a staggering 300% increase in cyber-attacks.[1] This surge highlights the vulnerabilities inherent in an industry already at risk, exacerbated by the challenges of remote work. As such, strengthening cyber security posture must become a top priority for accounting firms seeking to defend against the rising tide of cyber threats.

The safeguarding of confidential data is paramount not only for the integrity of financial information but also for maintaining the reputation of both individual firms and the accounting profession as a whole. Understanding cyber security and data governance is essential for accounting professionals to protect their clients and themselves from potential breaches.

Current Industry Threats & Their Implications

Cloud-based accounting practice software has become increasingly popular for streamlining operations and enhancing productivity, but it unfortunately brings a new wave of potential threats. Accounting firms must recognise that direct attacks on cloud services are on the rise. It is essential for decision-makers to conduct thorough due diligence on their chosen providers, understanding where servers are located and how data will be managed in the event of a breach.

Research indicates that human error is a contributing factor in approximately 95% of all cyber breaches.[2] If staff are not adequately trained to handle sensitive data while working remotely, a firm could become vulnerable to significant cyber threats. For accounting practices with flexible working arrangements, such as remote work, it is vital to implement robust cyber security measures including:

Firms should also consider the limitations of their cyber insurance. While cyber insurance can provide some financial support following a data breach or cyber-attack, it may not cover all scenarios. For instance, email phishing – a common social engineering attack – often falls outside the scope of coverage since it may not involve a direct data security breach.

The implications of such data breaches can be both financially and reputationally damaging for a business. In cases of serious violations of data protection principles, regulatory bodies such as the Information Commissioner's Office (ICO) have the authority to impose substantial fines, reaching up to £17.5 million or 4% of a firm's annual worldwide turnover, whichever is higher.

Given these challenges, firms must prioritise cyber security training and risk management strategies to protect themselves and their clients in an increasingly digital landscape.

6 Steps to Building a Stronger Cyber Posture:

1. Conduct Regular Security Assessments: Regular evaluations of your cyber security landscape, including vulnerability assessments and penetration testing, are vital. These assessments help identify weak points and prioritise areas for improvement, ensuring that your security posture remains strong over time.

2. Enhance Cyber Resilience Through Employee Training: Human error is often a weak link in cyber security. Providing comprehensive training can empower employees to recognise threats like phishing attacks, making them an integral part of your defence strategy. A well-trained workforce can significantly reduce the risk and impact of potential cyber incidents.

3. Implement Cyber Security Posture Management: Continuously monitor and manage your cyber security environment to stay ahead of evolving threats. This includes updating policies, ensuring compliance with industry standards, and implementing strong access controls. Integrating cyber security posture management into daily operations helps maintain robust defences.

4. Appoint Cyber Champions: Leverage the problem-solving skills of management accountants by appointing "Cyber Champions" within your organisation. Their analytical capabilities and business partnership experience can enhance communication about internal controls and vulnerability management. This approach can help create a culture of cyber security awareness and responsibility.

5. Cyber Security Insurance: Investing in cyber security insurance is essential for accounting firms. It protects against the financial repercussions of data breaches, lawsuits, and regulatory fines, providing a safety net during cyber incidents.

6. Adopt a Zero Trust Model: The Zero Trust approach, based on the principle of "never trust, always verify," is crucial in the modern threat landscape. By verifying every user and device, segmenting your network, and continuously monitoring for suspicious activity, organisations can reduce their attack surface and limit the potential damage from breaches.

Long-term Outlook of the Industry and Threat Advancement

Around 80% of organisations plan to increase their cyber security budgets[3] over the coming year, reflecting a significantly heightened awareness of cyber risk. However, only 2% of companies report having fully implemented cyber resilience across their operations[4], underscoring an urgent need to address vulnerabilities.

PureCyber’s partnership with ACCA has helped bring much-needed awareness to the accountancy industry of the many cyber threats that firms may face and need to protect themselves from.

Cyber risk is a primary concern for tech leaders, with 66% identifying it as the top risk to mitigate in 2024. Key threats include cloud-related vulnerabilities (42%), hack-and-leak operations (38%), and third-party data breaches (35%). In tandem with these concerns, 78% of organisations have ramped up their investments in Generative AI over the past year.[4] Yet, two-thirds of security leaders acknowledge that this technology has expanded their attack surface, highlighting the necessity for robust security measures. Alongside their GenAI investments, 72% of leaders have now adopted AI in at least one business function.[5]

Despite the potential benefits of Generative AI, organisations face challenges in its integration, particularly due to compatibility issues with existing systems, and a lack of standardised internal policies. As AI continues to evolve, it is expected to increase both the volume and severity of cyber-attacks in the next two years. Future incidents are likely to be more impactful, as attackers leverage AI to rapidly analyse and extract critical information from vast amounts of stolen data. Furthermore, AI-driven phishing tactics are emerging, enabling cybercriminals to conduct more convincing mass phishing campaigns.

How can PureCyber Help?

Our dedicated team of cyber security and compliance experts are available to help secure your organisation and provide a bespoke, tailor-made cyber security service. Our service subscriptions offer a range of cyber security solutions for accountancy firms of all sizes. From vulnerability scanning to penetration testing, incident response and active threat detection, our cyber solutions ensure you can operate safely and securely with reassurance that your business, employees and customers are safe from cyber threats.

Need a refresh? No matter what level of cyber security knowledge you have, it is always valuable to refresh your understanding of terms, topics and techniques. Our PureCyber glossary of terms is the perfect place to brush up on your understanding.

Links:

PureCyber Security Subscription Designed for Accountancy

ACCA - Cyber Security and the Accounting Sector

[1] ACCA - The Ever Increasing Threat you Can’t Ignore

[2] WEF - Global Risks Report 2022

[3] Statista - Cyber Budget Changes 2024

[4] PwC - 2025 Global Digital Trust Insights

[5] Lockton - Taking AI Risk Management to the Next Level