Cybersecurity in accountancy: criminals can penetrate 93% of company networks

cybercriminal planning an attack
By Eva Mrazikova | 24th March 2022 | 5 min read

If you think cybersecurity isn’t a priority for your accountancy firm, think again.

With statistics such as, accountants are 30% more likely to be hacked, it’s clear that added focus is needed on cybersecurity.

Yet, cybersecurity is a huge beast, with multiple considerations such as internal risks, insurance premiums and high maintenance costs — making it a challenging prospect for firms to get right.

To support, we’ve explored the impact of cyber breaches and the steps you can take to minimise risks and keep your firm safe.

Why are accountants at risk?

The information accountants hold is incredibly valuable — bank account details, billing addresses, Tax IDs, payroll data and employee records are all a cybercriminal’s dream.

Typically, many accountants use similar software and processes, creating an easily accessible weakness that can be found and exploited numerous times.

Add to this a lack of awareness and underestimation of the potential hazards, and the risk accountants face magnifies.

What is a cyberattack?

Cyberattacks can take many forms, including:

Ransomware: Malicious software that infects your systems.

Phishing/social engineering attacks: Tricking users into granting them access.

Supply chain attacks: Targeting third parties to exfiltrate information from enterprise systems.

Misusing information: Users either accidentally or deliberately misuse data they have legit access to.

Account compromises: Identifying common or re-used passwords to gain access to systems.

Why cybersecurity needs to be an ongoing focus

Criminal activity doesn’t stagnate – those looking to conduct cyberattacks are constantly thinking of new ways to steal data.

Take for example, when the pandemic struck and people moved to working from home, cybercriminals used this as an opportunity to scale up their activity, with AccountingToday reporting a 300% increase in attacks.

The impact on accountants is that you must remain vigilant and at the forefront of cybersecurity, as the protocols you have in place today may not suffice tomorrow.

What are the current biggest risks for accountants?

As cybersecurity contains such a wide spectrum of risks, where should you prioritise your efforts?

Below are the main risks for accountants in 2022:

Hybrid working:  As outlined by Kaspersky, home offices are typically less protected than a traditional office that features more secure firewalls, routers and access management.

Human error: Did you know that 95% of data breaches can be traced back to human error? Staff need to stay vigilant, review their processes and ensure they adhere to security protocols.

Data storage: How are you storing your data? Who has access? Is there a backup? These are all questions you need to be regularly asking yourself to ensure the client data you hold is safe and secure.

Using devices on the go: Whether you’re sorting emails from a café, or you’re getting the train to visit a client, using public-access WiFi connections can prove disastrous for cybersecurity as many cybercriminals ‘eavesdrop’ through these networks.

Growing teams: When new employees enter your firm, they may not have a sufficient level of cybersecurity training, putting your data at risk if not rectified.

Single data storage: Many accountancy firms continue to store their data onsite without a backup, placing a huge risk on their operations should an attack take place.

The impact of a security breach

For many, the initial consequences thought of when worrying about cyberattacks is the associated costs, but the actual ripple effect is far greater.

Operational impact

In some cases, a cyberattack can result in your software becoming unusable or your data being held for ransom, grinding your operations to a halt.

Financial impact

On average cyberattacks cost large businesses around £1.46m and smaller businesses between £65,000 and £115,000.

Reputational impact

Due to a cyberattack, your reputation may become tainted, and people could lose faith in your firm, resulting in:

  • Loss of customers
  • Loss of sales
  • Reduction in profit  

Legal impact

Whether a breach is deliberate or accidental, if it’s caused by your staff, you may be liable to fines via General Data Protection Regulation (GDPR).

Cyber insurance: How does it work?

With the rise in cyberattacks, many have opted for cyber insurance – also known as cyber-liability insurance – helping protect against fallout.

Jurgen Weiss, Head of Global Financial Services Research, explains: "The formal definition of cyber insurance is essentially a contract between an insurer and a company to protect against losses that are related to computer or network-based incidents.”

There is a common misconception that with cyber insurance, the responsibility is shifted onto the insurance provider.

But while cyber insurance helps you in the event of an attack, it’s your firm’s responsibility to manage your own security.

What’s covered under cyber insurance

Different providers have various nuances with their policies, but for the most part, the immediate costs associated with falling victim are covered.

This applies to various cyberattacks including ransomware, fraud and account compromises.

What isn’t covered under cyber insurance

Cyber insurance is relatively new and somewhat limited compared to the actual associated risks.

Aspects such as the cost of reputational damage and the loss of intellectual property are rarely covered by cyber insurance.

Additionally, like many other insurance contracts, cyber insurance rarely covers:

  • Acts of war or terrorism
  • Intentional acts committed by the insured
  • Acts committed before the policy date
  • Utility failure
  • Property damage

Are you looking for an in-depth view of cyber insurance? Check out our webinar that delves into the topic in greater detail.

How to mitigate the risk of cyberattacks

While cyber insurance offers some level of reassurance, with criminals able to penetrate 93% of company networks, you cannot allow it to make you complacent.

As detailed, the damage of a cyberattack stretches far wider than the initial financial cost covered with insurance, and as accountants are key targets, added focus is undoubtedly needed on security and prevention.

But how can you make your firm more secure? The answer: cloud-native solutions.

In fact, Gartner expects 85% of businesses to be cloud-first by 2025.

Cloud-native solutions – such as our IRIS solutions – provides the most secure environment to run your mission-critical operations, utilising encryption, and ISO-accredited processes.

Should you entrust security to a Managed Services & Software provider or run it in-house?

With security being such a sensitive subject, it’s understandable that many would want to keep it in-house.

But solely managing your own security processes is not only costly but also time-consuming.

Not only is an investment needed in hardware, software, and employees but regular maintenance and updates are also required.

Whereas with a provider such as IRIS, not only do you have access to best-of-breed platforms and solutions that feature the highest levels of security – you can also rest assured that we have teams of security experts dedicated to keeping you safe.

Click here for more information on our cloud solutions.

Webinar – Cybersecurity: a threat to your practice

In our recent webinar, we offer insights into the areas that need review to protect yourself against cybersecurity risks as well as delve further into cyber insurance.

Watch the webinar here.