Cyber risk and operational safeguarding.

Why accountants need to act now

IP-nov-25

Accountants have continued to digitalise at pace, adopting cloud platforms, remote working tools and outsourced IT support to improve efficiency and client service. These developments offer clear benefits, but they may also introduce new forms of operational and regulatory risk that firms need to manage carefully.

It is a common misconception among smaller practices that cyber insurance is only necessary for large firms, and that outsourced IT providers will absorb the risk of an incident. In reality, SMEs routinely file cyber claims, and IT contracts may not cover regulatory, reputational or legal fallout.

As accountants become more dependent on interconnected systems and hold greater volumes of sensitive financial data, the value of comprehensive cyber protection has increased significantly. For many firms, cyber insurance now forms an important part of business resilience.

Emerging cyber risks for accountancy

Making Tax Digital 

Making Tax Digital continues to push more of the accounting workflow online. Client record keeping, real-time submissions and third-party software are designed to support accuracy, but continuous digital record-keeping and third-party integrations may also introduce vulnerabilities. Firms remain responsible for due diligence on access controls, user authentication and secure data handling when using digital record-keeping and submission systems.

AI adoption 
A recent survey indicates that 91% of UK accountants are using or planning to use AI. From automated data extraction and invoice processing to predictive cashflow analysis and client-facing advisory tools, AI is now embedded in day-to-day accounting. These systems often rely on sensitive financial data, so firms need clarity on where it is stored, how it is processed, and whether third-party vendors have robust security standards. As these tools develop, firms need to consider how sensitive financial information is being fed into AI systems and whether robust safeguards are in place.

Reputation and trust 
Even a small breach can affect client confidence. Protecting sensitive information and demonstrating preparedness for incidents are key in maintaining a firm’s professional reputation.

Data protection and GDPR 
A data breach can trigger immediate GDPR obligations, including assessing impact, notifying affected individuals and reporting to the ICO. Cyber insurance can provide access to independent legal counsel who are able to advise firms in responding to the breach. The ‘breach counsel’ acts solely in the client’s interest, guiding firms through mandatory GDPR reporting, liaising with the ICO, and coordinating communications so firms remain compliant throughout the incident.

Operational safeguarding for accountants

Effective operational safeguarding within an accounting firm supports:

  • protection of sensitive client data
  • business continuity during outages
  • meeting GDPR and sector expectations
  • maintaining trust and credibility
  • managing emerging risks proactively.

These principles frame the everyday responsibilities modern accountancy firms must uphold as part of their cyber risk management. Practical measures include:

Multi-factor authentication (MFA) 
MFA is one of the most effective defences against unauthorised access. It reduces the likelihood that compromised credentials alone can be used to access cloud platforms or email systems. Cyber insurers increasingly consider MFA a minimum security requirement.

Employee training 
Regular training on risk management and on the latest vulnerabilities and techniques used by attackers helps staff identify suspicious activity.

Patch management 
Keeping systems updated reduces the risk of hackers exploiting known vulnerabilities.

Encryption and backups 
Encrypted data and reliable backups help firms recover quickly from incidents.

Policies and audits 
Clear procedures for device use, secure data handling and incident response strengthen governance.

Secure cloud configurations 
Cloud services can be highly secure when properly configured. Firms should review provider controls and confirm who owns responsibility for security and compliance.

Cyber insurance as part of broader risk management

Smaller firms often assume they are not an appealing target, yet cybercriminals increasingly automate attacks, making any firm with digital systems a potential victim. Effective risk management now means recognising cyber risk as an operational risk that can disrupt service delivery, damage client relationships and generate significant regulatory exposure. Cyber insurance policies often include:

Pre-breach services 
Insurers support businesses in cyber readiness with pre-breach services. These could include vulnerability scans and system fitness checks to identify weaknesses before an incident occurs, access to training materials to improve staff awareness, and unlimited access to a virtual CISO (Chief Information Security Officer) for tailored advice on how to improve your controls.

Breach response 
In the event of an incident, clients have fast access to a range of independent experts, saving time in sourcing vendors at a critical moment during an incident:

  • a 24/7 incident hotline 
  • breach counsel, a lawyer to provide regulatory guidance 
  • digital forensics to identify and contain the incident 
  • technical support for system restoration 
  • advice on ransomware incidents and communication strategies. 

This structured support helps firms recover quickly, minimise disruption and comply with regulatory obligations. It is also important to highlight breach counsel's role with regard to legal privilege. Instructions issued directly by the client to vendors (such as digital forensics providers) without breach counsel engaged are not subject to legal privilege and are therefore open to disclosure to third parties.

High financial and regulatory impact
A cyber incident does not need to be large to create disruption. Even a minor breach could require legal advice, forensic investigation, data subject notification and communication with the ICO. If core systems are unavailable during a busy reporting period, the impact on revenue and client delivery could be considerable.

Cyber insurance assists with these challenges by offering a structured approach to managing response costs, business interruption and regulatory engagement. For many firms, this support may be as valuable as the financial indemnity itself.

Breach response and claims support

Cyber insurance offers more than financial protection. Modern policies provide structured, practical support to help firms prepare for incidents, manage them effectively and return to normal operations with minimal disruption. Brit Insurance describe this through a three-stage framework: Ready, Set, Recover.

Ready: building resilience before an incident

Firms can receive tools and resources to help identify vulnerabilities and strengthen their defences. These may include:

  • complimentary outside-in security scanning to highlight potential weaknesses
  • access to a knowledge centre containing training materials and more than 500 compliance and risk-management resources
  • cyber fitness checks that help firms assess their readiness and prioritise improvements.

Set: reinforcing governance and technical readiness

Support is available to help firms develop incident response planning and strengthen day-to-day security management. This may involve:

  • incident response planning templates and sample procedures
  • unlimited access to a virtual CISO for tailored advice
  • online training covering privacy, data protection and cyber-security issues
  • regular bulletins, posters and webinars to support staff awareness.

Recover: helping firms get back on track after an incident

If a cyber event occurs, firms can gain immediate access to specialist support to manage the technical, legal and operational implications. This may include:

  • a 24/7 breach-reporting hotline staffed by independent experts
  • an app-based reporting tool that enables rapid notification and live updates
  • guidance from breach-response vendors and claims specialists who support investigations, containment and communication throughout the incident.

This structured approach helps to ensure that firms will not be left to manage a cyber incident alone and helps protect both operational continuity and client confidence.

Brit and Lockton are here to support accounting firms

Many insurers promote frameworks that help firms prepare for incidents, respond effectively and return to normal operations. For accounting firms without dedicated IT or legal teams, this can be a vital component of resilience.

For firms seeking clarity on how emerging digital risks may affect their operations, speaking with experienced cyber specialists can provide valuable direction.

The article has been written for Lockton by Camila Araya – development cyber underwriter, global cyber, privacy & technology, Brit Global Specialty, Brit Insurance (telephone 020 3857 1162).

Lockton is ACCA's recommended broker for PII. For more information, visit Lockton's Accountants page or email Hannah Brewin, Lockton account executive (telephone 0117 906 5031).