Cyber Security Wake-Up Call: Defending our digital future (Accountex Manchester 2025) 

When it comes to cybercrime, most people assume it’s something that happens to someone else. The careless clicker. The small business that didn’t bother with updates. The firm that still uses “Password123.” But what if it happened to someone who did everything right? 

At a recent panel I hosted at Accountex Manchester, accountant and entrepreneur Alex Falcon Huerta told a story that stopped the room. Alex runs Soaring Falcon, a tech-forward, cloud-first firm. She travels the world while running her business remotely. She’s the kind of person you’d expect to spot a scam a mile off. And yet, one day, a perfectly legitimate-sounding call from Revolut led to more than £50,000 vanishing from her account in minutes. 

No dodgy link. No obviously fake email. Just a sophisticated criminal, with access to partial account information, calmly guiding her through a “security check”. By the time she realised what had happened, it was too late. The money was gone. The shock lingered far longer. 

It’s one thing to read about scams like that in the papers; it’s quite another to hear it from someone you know, who runs a business that looks like yours. The story hit home because it demolished the myth that cybersecurity is mainly a technical problem. The real vulnerability, as Detective Inspector Dan Giannasi of the North West Cyber Resilience Centre put it, “isn’t the system – it’s the person sitting in front of it.” 

That’s the uncomfortable truth facing both accountants and their SME clients. For all the talk about ransomware and firewalls, the majority of attacks come down to social engineering: criminals posing as banks, suppliers, accountants or even internal colleagues. They don’t hack software; they hack trust. And right now, that trust is under sustained attack. 

The stats tell the story. Around two-thirds of accounting firms have suffered a cyber incident in the past year. Yet only one in ten hold even the most basic government-backed certification, Cyber Essentials. Nearly half offer no formal cybersecurity training at all. If those numbers described any other area of business performance, there’d be panic. But because the damage often happens quietly – a payment misdirected, a client’s data accessed, a staff member duped – too many firms still treat it as someone else’s problem. 

AI has made this exponentially worse. The old advice – “watch out for bad grammar” – no longer applies. Phishing emails are now fluent, well-branded and eerily convincing. Criminals can feed your website, your LinkedIn posts, even your tone of voice into an AI model and generate fake communications that sound exactly like you. As Dan warned, “the technology has levelled up the bad guys.” 

That reality puts accountants and advisers in a pivotal role. SMEs often assume their accountant is their most trusted guide on all things financial, and that includes security. Clients share banking credentials, tax logins, and commercially sensitive data as a matter of course. If that trust is breached – even if the accountant wasn’t directly at fault – the reputational damage is brutal. 

The takeaway from the panel was simple but vital: cybersecurity is now part of client service. Firms can no longer afford to see it as “IT’s job.” It’s everyone’s responsibility – partners, staff, and clients alike. That means embedding some practical habits: verifying payment changes with a quick phone call, questioning instructions that feel even slightly off, and treating Cyber Essentials as the baseline, not the benchmark. 

From the government side, Myrtle Lloyd, HMRC’s Director General of Customer Services, offered a stark perspective. HMRC monitors some 200 billion system events every month, blocking more than 1.5 billion potential attacks. Despite that, she said, “the weakest point remains where there’s a human in the loop.” That’s why HMRC continues to push for more secure digital communication – through its app and online accounts rather than by email – and works closely with the accounting sector to raise collective standards. 

For SME leaders, that same message applies. You can outsource your bookkeeping, your payroll, your IT – but not your risk. If a cyber-attack takes down your systems or drains your accounts, it’s your reputation, your clients and your future on the line. Prevention is no longer a nice-to-have; it’s a strategic priority. 

And for accountants, the message is clear too. When clients look to you for guidance, security has to sit alongside tax, cashflow and compliance. You don’t have to be a cyber expert BUT you do have to start the conversation. Because as Alex’s experience proved, even the savviest among us can fall victim. The real question is how many more will need a wake-up call before treating cybersecurity with the seriousness it deserves. 

We can’t stop every scammer, but we can stop making it easy for them. For accountants and SMEs alike, that starts with one thing: treating cybersecurity as part of how you do business, not something you do after it’s gone wrong. 

The post Cyber Security Wake-Up Call: Defending our digital future (Accountex Manchester 2025)  appeared first on Accounting Insight News.