Accountancy firms have good reason to ensure they are reviewing and mitigating cyber security risks in their practices. They are prime targets for cyber criminals, in part due to the valuable financial data they hold on other companies and the significant payments they make on behalf of clients, for example, for payroll activities.

The amount of information in the public domain on their business, such as ‘meet the team’ pages on their website, also provides valuable assets to help cyber criminals carry out impersonation campaigns on them and their clients

At Pro Drive IT, we’ve conducted research into how prepared accounting firms are to survive a significant cyber-attack and compared it to a baseline of the other clients we work with, largely financial services and legal firms. The data was collected as part of our wider benchmarking survey, a significant amount of which was surveyed at Accountex 2024.  You can find the report on that event by clicking here.

We discovered some worrying trends that highlight how unprepared many accountancy firms are, which we presented at a recent industry conference.

Key findings from our research

Our research revealed several concerning trends among accountants:

  • Only 9% of accountants have Cyber Essentials certification, a basic level of cyber hygiene endorsed by the UK government.
  • 22% admitted to never testing their backups,
  • 22% lack essential documents such as an Information Security Policy, a Cyber Incident Response Plan and a Business Continuity Plan.
  • 43% do not provide any form of regular cyber security training for their staff.

These statistics highlight a significant gap in the preparedness of accountants not only to prevent cyber-attacks in the first place, but just as importantly to be able to recover from them. A cyber-attack can have severe financial and reputational consequences, not to mention the emotional toll of the stress involved for the owners and staff of an affected firm.

Pro Drive IT’s approach to Cyber Resilience

At Pro Drive IT, we have developed a comprehensive approach to enhance cyber resilience for our clients. Having a good level of cyber security relies on having a robust operational procedure to manage and review it.  Pro Drive’s services exceed those of traditional IT service providers by focusing on proactive measures and continuous alignment with industry best practices

Education is a critical component of our strategy. We run webinars and roundtables, along with a free security audit to help accountants understand their current cyber security posture and identify areas for improvement. We can also assist with achieving Cyber Essentials, Cyber Assurance and ISO 27001 as appropriate.

The findings from our research underscore the urgent need for accountants to prioritize Cyber Resilience. By adopting a proactive approach and leveraging the resources and expertise offered by Pro Drive IT, accountants can significantly enhance their ability to withstand and recover from cyber-attacks. Together, we can create a safer digital environment for our clients and their businesses.

For more information on our services and upcoming events, please contact us using the form below.