Skip to content

Why Are Accounting Firms a Target for Cybercriminals?

Monreal IT Feb 21, 2024 3:11:47 PM
Accounting Cybersecurity Stock Photo


Cybercrime continues to rise as the adoption of digital systems persists. Companies across all industries continue to see an increase in cyberattacks. Accounting firms are regularly targeted by cybercriminals for several reasons:

Salient Reasons

  1. Sensitive Information: Accounting firms interact with, and often host, sensitive information such as financial data, Tax IDs, bank account details, payroll data, and employee details. This information is especially attractive to cybercriminals.
  2. Software Vulnerabilities: Accounting firms frequently leverage the same software products. Once a vulnerability is known, attackers can use it to move laterally across businesses with those same products.
  3. Steppingstones Tactic: It’s often the goal of a cybercriminal to penetrate the environment of a larger organization by using smaller, less defended firms as proverbial steppingstones.
  4. Past Lack of Defense: Historically it’s been the case that the smaller the firm, the weaker the defenses. With an uptick in firms adopting MSSPs, such as Monreal IT, this correlation is beginning to break down. However, their past success in this area continues to motivate cybercriminals to attack these businesses in particular.
  5. Lack of Awareness Training: This ties into the previous point but deserves a dedicated entry because human error is the #1 attack vector for cybercriminals. Security Awareness Training (SAT) is currently the best strategy businesses can employ to combat this. Monreal IT offers a comprehensive SAT – reach out using the form/button below for more information.


In summary, there are reasons for cybercriminals to attack accounting firms in particular. Some straddle other verticals, but the type of information with which accountants deal is the chief reason. Therefore, it's essential for accounting firms to remain educated about the threats they face, and it’s just as important that these firms’ employees be trained routinely; they’re the first line of defense.

What this means in practice is enforcing employee training and preparing a Written Information Security Plan (WISP), as is now mandated by the IRS under penalty of hefty fines. These documents aren’t exactly intuitive, so it’s advisable to seek expert guidance when you create yours. Luckily, Monreal IT has experience creating and maintaining WISPs, as well as providing general IT support for accountants. Reach out today using the form below for a free 15-minute WISP consultation.