Cybercrime is no longer just a concern for tech companies or multinationals; it’s a growing and pressing threat for accountancy firms of all sizes. From ransomware attacks to phishing schemes, cybercriminals are increasingly targeting professional services firms, and accountants sit firmly in their sights. Mark Lowther, head of technology, UK at Markel, delves into the detail of this important issue.
Accountants hold vast amounts of sensitive client data: tax returns, financial statements, payroll records, and more. For cybercriminals, this data is gold. And in many cases, smaller firms, those without large in-house IT teams or advanced defences, are seen as low-hanging fruit.
According to quarterly data from the Information Commissioner’s Office (ICO), approximately 100 accountancy firms in the UK report cyber-related data breaches every three months. That figure likely underrepresents the true scale of the problem, given how many incidents may go undetected or unreported. The profession, by its very nature, is an appealing target: firms are trusted intermediaries in their clients’ financial affairs and often hold sensitive data, system credentials or access rights to client platforms.
Consequences of cyber-incidents
The impact of a cyber-incident on a firm goes far beyond lost data. It can mean prolonged business disruption, reputational harm, and in some cases, regulatory scrutiny. With increasing client awareness of data privacy and the stringent requirements under UK GDPR, any breach could trigger not only ICO investigation but potential litigation.
Cyberattacks can also cause irreparable harm to client relationships. Losing confidential information, even inadvertently, can significantly erode trust, particularly in a sector where discretion and integrity are core to the value proposition.
What needs to change
Despite the risks, many accountancy firms still underestimate the threat. Cybersecurity is often seen as an IT issue, rather than a strategic business risk. In reality, it demands a board-level response and a whole-firm approach.
Here are three key areas where accountancy firms should focus their attention:
- Culture and awareness
The weakest link in cybersecurity is often human error. Training and awareness programmes can significantly reduce the risk of successful phishing attacks and other social engineering tactics.
- Incident preparedness
Having a clear, tested response plan is vital. Firms should know what to do when, not if, an incident occurs. This includes communication protocols, data recovery steps, and client notification procedures.
- Basic cyber hygiene
Multifactor authentication, strong password management, regular updates and patches, and access controls are all foundational elements that too many firms still overlook. Good hygiene can prevent the majority of attacks.
A shared challenge
Cybersecurity isn’t a problem any one firm can solve in isolation. It’s an evolving threat that requires collaboration across the profession. Industry bodies, insurers, and specialist advisers can all play a role in supporting accountants to raise standards and share knowledge.
As digital transformation continues to reshape the way accountancy services are delivered, the sector must match that progress with equal investment in cybersecurity readiness. It’s not just about avoiding fines or downtime; it’s about safeguarding the trust that clients place in their advisers every day.
For more information on how Markel can assist your firm in enhancing its cybersecurity, please visit uk.markel.com.










