Why cyber risk matters for accountancy firms

Key emerging risks for accountancy firms

Making Tax Digital and continuous data exposure

Making Tax Digital requires firms to keep digital records and submit information using HMRC-recognised software. While these tools support accuracy and compliance, they also increase the amount of data stored electronically and the frequency with which systems connect to external platforms.

Firms should understand that using recognised software does not remove the need for strong access controls, authentication and data-handling practices. Responsibility for security ultimately remains with the firm.

AI adoption in accountancy

Many accountancy firms are starting to use AI to automate bookkeeping, analyse data or support advisory work. A recent survey found that as many as 91% of accountants in the UK have already adopted AI into their daily work. These tools often involve uploading or processing sensitive financial information.

It is important to understand where that data is stored, who can access it and what happens if an AI provider is compromised. AI can be valuable, but it needs to be adopted with appropriate safeguards in place.

Data protection and regulatory pressure

A cyber incident can quickly turn into a regulatory issue. Firms may need to assess the impact, notify affected clients and report to the ICO. Doing this while systems are disrupted can be challenging, particularly for smaller practices without in-house legal or IT support.

Cyber insurance can play an important role here by providing access to independent breach counsel who guide firms through the regulatory process.

SMEs are targeted as well

Many businesses still believe cyber criminals primarily target large organisations, but data tells a different story. Research from NetDilligence found that 98% of cyber claims come from SMEs but represent roughly half of the total recovery costs.

Automated attack techniques allow criminals to identify weaknesses such as poor password controls, missing software updates or insecure remote access across thousands of organisations at once. Smaller practices may have limited time or resources to invest in cyber training and formal security frameworks, which can increase their exposure to phishing, email compromise and other opportunistic attacks.

Cyber incidents across the accountancy sector

Recent events have shown that accountancy firms of all sizes can be affected by serious cyber incidents. Some examples include:

Optionis

Optionis, now part of the Caroola Group mentioned above, suffered a ransomware attack that resulted in the unauthorised access and disclosure of hundreds of thousands of client files, followed by regulatory scrutiny.

Sibbalds Chartered Accountants

Sibbalds Chartered Accountants was the target of the Rhysida ransomware group, which threatened to publish stolen data unless demands were met.

Xeinadin Group

Xeinadin Group disclosed that attackers had accessed and removed a 1.5TB of client information, including identity documents, financial records and legal files.

These incidents highlight that cyber threats can affect both smaller practices and large accountancy networks, and that determined attackers may target firms regardless of size or profile.