Why cyber risk matters for accountancy firms | News | Brit

Article in a snapshot:

    • Key emerging risks to help clients understand
    • Where cyber insurance fits into risk management
    • Cyber incidents across the accountancy sector
    • Regulatory and legislative landscape
    • What operational safeguarding looks like in practice
    • International perspective


Accountancy practices are undergoing rapid change. Cloud accounting platforms, remote working, Making Tax Digital and emerging AI tools are transforming how firms operate and serve their clients. These developments bring efficiency, but they also increase reliance on online systems and third-party technology. 

For accountancy firms, this means greater volumes of sensitive data moving between systems, more points of access for attackers and a higher operational impact if something goes wrong. Cyber incidents are no longer rare or confined to large firms. They can affect practices of any size and disrupt day-to-day work almost instantly. 

The exposure faced by accountancy firms was brought into sharp focus by a ransomware attack on Optionis, now part of the Caroola Group. In that incident, a large volume of client information was unlawfully accessed and later shared publicly. Following its investigation, the ICO issued a reprimand in early 2024, pointing to shortcomings in access controls and the lack of multi-factor authentication. Although the incident was significant in scale, the types of control failures identified are not uncommon within the profession.

Key emerging risks for accountancy firms

Making Tax Digital and continuous data exposure

Making Tax Digital requires firms to keep digital records and submit information using HMRC-recognised software. While these tools support accuracy and compliance, they also increase the amount of data stored electronically and the frequency with which systems connect to external platforms. 

Firms should understand that using recognised software does not remove the need for strong access controls, authentication and data-handling practices. Responsibility for security ultimately remains with the firm.


AI adoption in accountancy

Many accountancy firms are starting to use AI to automate bookkeeping, analyse data or support advisory work. A recent survey found that as many as 91% of accountants in the UK have already adopted AI into their daily work. These tools often involve uploading or processing sensitive financial information. 

It is important to understand where that data is stored, who can access it and what happens if an AI provider is compromised. AI can be valuable, but it needs to be adopted with appropriate safeguards in place.


Data protection and regulatory pressure

A cyber incident can quickly turn into a regulatory issue. Firms may need to assess the impact, notify affected clients and report to the ICO. Doing this while systems are disrupted can be challenging, particularly for smaller practices without in-house legal or IT support. 

Cyber insurance can play an important role here by providing access to independent breach counsel who guide firms through the regulatory process.


SMEs are targeted as well

Many businesses still believe cyber criminals primarily target large organisations, but the data tells a different story. Research from NetDiligence found that 98% of cyber claims come from SMEs, yet these claims represent roughly half of the total recovery costs.

Automated attack techniques allow criminals to identify weaknesses such as poor password controls, missing software updates or insecure remote access across thousands of organisations at once. Smaller practices may have limited time or resources to invest in cyber training and formal security frameworks, which can increase their exposure to phishing, email compromise and other opportunistic attacks.


Cyber incidents across the accountancy sector

Recent events have shown that accountancy firms of all sizes can be affected by serious cyber incidents. Some examples include:

Optionis

Optionis, now part of the Caroola Group, as mentioned above, suffered a ransomware attack that resulted in the unauthorised access and disclosure of hundreds of thousands of client files, followed by regulatory scrutiny.

Sibbalds Chartered Accountants

Sibbalds Chartered Accountants was the target of the Rhysida ransomware group, which threatened to publish stolen data unless demands were met.

Xeinadin Group

Xeinadin Group disclosed that attackers had accessed and removed 1.5TB of client information, including identity documents, financial records and legal files.


These incidents highlight that cyber threats can affect both smaller practices and large accountancy networks, and that determined attackers may target firms regardless of size or profile.

What operational safeguarding looks like in practice

Operational safeguarding is about protecting the firm’s ability to operate, serve clients and meet regulatory obligations, even when something goes wrong. Key outcomes of doing that include:

  • Protecting sensitive client and employee data
  • Maintaining business continuity during disruption
  • Meeting GDPR and professional obligations
  • Preserving client confidence and trust
  • Managing risk in a structured, proportionate way

Practical safeguards clients can implement

Cyber security doesn't have to be complex or overwhelming. Many effective controls are straightforward and achievable.


Multi-factor authentication

MFA is one of the most effective ways to reduce unauthorised access. It significantly lowers the risk of email compromise and is now widely expected by cyber insurers.

Staff awareness and training

Phishing remains a common entry point for attacks. Regular training helps reduce human error.

System patching and updates

Keeping software up to date closes known vulnerabilities that attackers commonly exploit.

Backups and encryption

Secure backups and encrypted data help firms recover more quickly if systems are compromised.

Clear policies and audits

Documented procedures for access, devices and incident response support good governance and regulatory defensibility.

Secure use of cloud services

Cloud platforms can be highly secure, but only when configured correctly. Clients should understand where responsibilities sit between them and their providers.


Where cyber insurance fits into risk management

Cyber insurance is part of a broader approach to operational safeguarding, not a replacement for good practice. One of the most common barriers is the belief that cyber insurance only pays claims. In reality, modern policies offer much more.

Support before an incident

Many policies include pre-breach services such as security assessments, training resources and access to specialist advice. These can help clients improve their cyber maturity over time.

Support during an incident

If a breach occurs, clients gain immediate access to a coordinated response. This typically includes a 24/7 reporting line, breach counsel, digital forensics and technical support to contain the issue and restore systems.

A structured path to recovery

At Brit, we follow a “Ready, Set, Recover” approach, helping firms prepare for incidents, respond effectively and return to normal operations. For SMEs without internal specialists, this support can be critical.


Companies House identity verification 

Upcoming identity-verification obligations for directors and persons of significant control will increase the volume of sensitive personal data handled by accountancy practices. Strong access controls and secure storage arrangements will be essential to minimise regulatory and operational risk. 

Regulatory and legislative landscape

UK GDPR and ICO oversight

Expectations around data protection continue to rise. Where a qualifying breach occurs, firms are required to assess its impact, notify the ICO and, in some cases, inform affected individuals. Regulators have shown a willingness to intervene where security arrangements fall short, reinforcing the need for firms to maintain appropriate technical controls and clear records of decision making.

Data (Use and Access) Act 2025

This legislation introduces further changes to the UK’s data protection regime, including updated rules around automated processing and enhanced safeguards for children’s information. Accountancy firms may need to revisit internal policies, refresh privacy notices and confirm that systems and workflows remain aligned with the revised requirements.

Cyber Security and Resilience Bill

The proposed reforms to national cyber regulation broaden oversight to include managed service providers and digital service platforms. Given the profession’s reliance on outsourced IT and cloud services, firms should ensure that contracts clearly define security responsibilities and incident management expectations.


International perspective

Developments in the United States and Canada point to similar trends, including a rise in business email compromise and increasing claim costs for smaller organisations. Insurers in those markets have responded by integrating incident response services into standard cyber policies, an approach that is now firmly established in the UK.


Support for accountancy firms

Accountants understand risk in many forms. Cyber can feel abstract, but it has a tangible link to continuity and trust. Points that might resonate include:

  • Cyber incidents can stop work just as quickly as a physical event
  • Attackers do not target by size; automation means everyone is exposed 
  • Outsourced IT does not remove responsibility or regulatory obligations 

Insurance complements IT support by providing legal, forensic and financial expertise at the point of crisis. Our pre-breach services can play a key role in helping accountancy firms navigate an increasingly complex digital landscape. By addressing misconceptions and focusing on operational safeguarding, firms can use cyber insurance as a practical part of resilience planning.

We have been writing cyber insurance for more than 20 years and currently provide cover for around 40% of Fortune 500 companies. From agile start-ups to multinational organisations, this experience provides deep insight into how cyber risks affect professional services firms.

Speak to us today about how our cyber cover helps accountancy clients build resilience, protect trust and respond confidently to cyber incidents.