AI-powered hacking in accounting: ‘No one is safe’
Artificial intelligence is producing scary good cyberattacks, but CPAs can take steps to lower their risk of being a victim.

Once upon a time, in the early 2000s, cyberattacks were like ghost stories for the corporate world.
They were chilling to hear about but easy to dismiss. That won’t happen to us. It’s overblown. There’s nothing to be afraid of.
“I have performed many cybersecurity assessments for financial institutions, and the urgency just wasn’t there years ago. It didn’t feel real, as not enough organizations were getting hit for it to matter,” explained Chris Tait, a principal specializing in cybersecurity risk management at Baker Tilly.
Today, the threat is undeniably real. Hackers are stealing money, data, and identities from organizations large and small. Hackers are using familiar avenues of attack, but they’re iterating and expanding on them, often with the help of artificial intelligence. The attacks are more advanced, more widespread — and more frightening, especially for accounting professionals.
“It’s like a pandemic now, to some degree, because no one is safe,” Tait said.
IBM’s Cost of a Data Breach Report 2025 found that the typical data breach in the financial industry carried a cost of about $5.56 million, significantly outstripping the average of $4.4 million for all breaches and trailing only health care in financial impact.
“As CPA firms, we are among the most trusted professionals in the landscape. We are entrusted with a lot of client information from financials to controls. That responsibility means we need to be especially vigilant,” Tait said.
In a series of interviews, Tait and other cybersecurity specialists in the accounting profession discussed the scariest cyber threats and offered suggestions for mitigation, defense, and response.
“It’s not a matter of if — but when,” Tait said.
TOP SECURITY THREATS
Although familiar avenues of attack remain, hackers have become more sophisticated, particularly given the capabilities AI allows. AI-powered bots crawl the web searching for technical weaknesses in cyber defenses. These bots then burrow their way inside corporate systems and wait for an opportune time to strike. Concurrently, attackers are using large language models (LLMs), the technology behind generative AI platforms like ChatGPT, to improve the quality of the fraudulent communications used in phishing, business email compromise, and other social engineering attacks, making them more effective.
“And the organizations behind these attacks are getting more organized and more sophisticated, turning hacking into an illicit industry all its own,” Tait said, “complete with call centers, highly organized operations, and a wide array of tactics.”
“The cyberthreat landscape for accounting firms and corporate finance teams in 2025 is more complex than ever before. The machine learning wrapped into the mix is driving massive change to the threat landscape for our industry as well as those of our clients,” said Jim Bourke, CPA/CITP/CFF, CGMA, managing director of Advisory Services at Withum.
Many cyberattacks are designed to infiltrate an organization’s digital communication channels — especially email. Finance and accounting departments are often prime targets due to the sensitive financial data they handle. In business email compromise attacks, attackers exploit the accountant-client relationship, impersonating legitimate contacts to manipulate transactions and redirect funds. “The trusted relationships that accountants build with their clients can unfortunately be exploited,” said Steve Ursillo, CPA/CITP, CGMA, a cybersecurity partner with Cherry Bekaert LLP and Cherry Bekaert Advisory LLC.
Phishing and MFA attacks
These types of attacks typically begin with “phishing” emails, which attempt to trick users into opening a link. This has long been among the most common strategies for hackers, but hackers are now using AI to generate more convincing, detailed, and personalized phishing emails en masse.
In the past, phishing emails were often given away by poor grammar and spelling, but not any longer. Today’s LLMs can not only write semantically perfect text, but they also can automatically add contextual detail and adjust the message’s tone for each target. IBM’s Cost of a Data Breach Report 2025 found that the time needed to create a convincing phishing email went from 16 hours without AI to only five minutes with it.
Phishing attempts are even starting to reflect recent company events, such as mergers, according to Tait.
“The extreme personalization of these new campaigns is fooling even those well versed in the threat landscape,” Bourke said. Attackers may also go beyond email, using AI to create deepfakes, such as phony voice messages or even fake videoconferences, to lure victims into compromising systems or wiring money.
Hackers also are breaking through defenses meant to stop phishing and other kinds of attacks. Multifactor authentication (MFA) is held up as a gold standard for security, but it’s not impenetrable. “Attackers are increasingly finding ways to bypass multifactor authentication — whether through phishing, token theft, or exploiting session-hijacking techniques,” Ursillo said. “Even with MFA in place, they’re still gaining access. And once inside, they waste no time; they immediately begin executing their objectives, often with precision and speed.”
While heavily personalized phishing campaigns and attempts to break MFA protections may be new, they call for the same fundamental defenses as earlier attacks: investment in technology to detect and deflect intrusion attacks, plus training and education to help users avoid such traps.
When the attackers succeed, the results can be highly damaging for the victims. Once they’ve gained control of corporate email and other accounts, infiltrators can search for sensitive, exploitable information, which can then be sold on the black market.
“It could yield reputational damage; it could also yield regulatory or compliance challenges,” Ursillo said.
Attackers may assume the identity of a compromised user to defraud others — often by sending fraudulent invoices or altering payment instructions. “They’ll scan email transaction histories for keywords like ‘business payment,’ ‘invoice,’ or ‘refund’ — anything that signals a financial opportunity,” Ursillo explained. “Once they identify a target, the attacker may interject into ongoing conversations without the user’s awareness, impersonating them to subtly change payment details and redirect funds to their own accounts.”
Tait recently saw cases where attackers compromised a third party’s email account and used it to send fake invoices, resulting in losses of more than $200,000 in each instance.
Attackers may also use the company’s accounts to send malicious emails to clients and other third parties, hoping to compromise even more victims.
Ransomware
Another variety of attack, ransomware, allows intruders to use victims’ data against them. Once they’ve breached the defenses, attackers may use encryption to lock away the victim’s data and effectively shut down the business until a ransom is paid.
Such attacks have become more dangerous with AI, too. Attackers are using AI-powered phishing and other forms of social engineering mentioned above, as well as automated tools to probe and infiltrate companies’ defenses.
They’re leveraging AI for deep automation, tailoring their maneuvers to specific system characteristics. “The initial phase of the attack may have been fully automated — establishing remote access without immediate action. The attacker is likely to return later, using that access to further their objectives,” Ursillo explained.
Hackers also are getting savvier in their ransomware demands.
In the past, they might have made an exorbitant demand for millions of dollars. Today, attackers are more strategic, often asking for amounts that fall within the limits of the organization’s cyber insurance coverage, Tait said.
“Maybe they’ve broken in and actually seen your insurance document,” he said. “That increases the likelihood of getting paid significantly, because it’s within the bounds of reason.”
Third- and fourth-party risks
As companies make greater use of cloud services, they increase their “attack surface,” or the ways in which they might be attacked.
“In the past, networks were tidy little boxes, with the systems contained within the walls of the organization,” Tait said.
Today, “the network stretches far beyond those walls. With countless data interchanges, cloud connections, interfaces to other companies, every link introduces potential vulnerabilities,” he said.
An organization may have multiple cloud vendors, with data connections between each service. Vulnerabilities also may arise from the vendors’ vendors.
“Many organizations still struggle just to get a clear picture of their third-party relationships,” Tait said. “Now the conversation is shifting to fourth parties, your vendor’s vendors.”
While third and fourth parties may have their own safeguards, CPAs ultimately are responsible for understanding and evaluating the risk that comes with using cloud products and other services, Ursillo and Tait said. A common method for assessing vendors is to request and review their System and Organization Controls reports — especially SOC 2, which focuses on a service provider’s controls related to security, availability, processing integrity, confidentiality, and privacy.
Additionally, while SOC 2 engagements result in reports on service organizations’ controls within the system that provides services, SOC for Cybersecurity is an engagement for any organization looking to report on a description of their cybersecurity risk management program and the effectiveness of the controls within that program. This could include elements related to third and fourth parties, if those controls are within the entity’s cybersecurity risk management program.
“There’s no silver bullet right now — we’re going to continue to struggle with vendor management, as it is an ongoing challenge that requires constant adaption,” Tait said.
Insider threats
Not all attacks come from outside. In some cases, employees may pose an insider threat, using their access to steal data or money, or bad actors may even infiltrate the company.
Take the example of KnowBe4, a well-respected security training platform. The company hired a software engineer, conducting a standard process with video interviews, background checks, verified references, and more. Although the individual’s headshot was an AI-manipulated image, the video interviews involved a real person matching the photo.
As it turns out, the “new hire” was trying to gain access to internal systems. “We sent them their Mac workstation, and the moment it was received, it immediately started to load malware,” according to a KnowBe4 article about the situation.
The new hire appeared to be based in North Korea and backed by the government there, using an identity stolen from a U.S. citizen. The company’s security blocked the malware attempt, bolstered by the fact that new employees receive only limited network access.
“Having those role-based positions and privileges is important,” Ursillo said. “Unfortunately, there are adversaries out there getting jobs in trusted positions for the sheer reason of stealing protected information.”
KnowBe4 offered several tips based on its experience. Companies need to ensure that remote employees are physically working from their claimed location. They also should check résumés and other materials for inconsistencies and ensure interviews are done over video, if not in person.
HOW TO RESPOND: THE POST-BREACH MENTALITY
Even the strongest training and technological defenses may not stop every incursion. That is why the professionals interviewed for this article recommend that organizations adopt a “post-breach mentality,” which assumes that a digital attacker eventually will gain unauthorized access.
In the post-breach model, an organization designs its defenses not just to repel attackers but also to detect intrusions quickly, contain them, and limit the damage once systems are breached. This approach focuses on layered defenses, rapid response, and risk management strategies, including investments in cyber insurance.
“You have to assume that all of your assets have been compromised internally,” Ursillo said. “What are you doing to detect and respond and prevent lateral movement?”
Strengthening these defenses begins with a thorough assessment of the organization’s technical and human capabilities, the cyber professionals said.
“Measuring up the resources that you have is important, and knowing any potential limitations,” Ursillo said. Companies may rely on outside consultants for an assessment, and they also can benchmark their strengths and weaknesses with risk assessment standards such as ISO 20000-1 or ISO 27001.
Those standards can help to prioritize investment in the areas of highest risk and to ensure that companies are aligned with the growing demands of various regulatory bodies.
The goal often is to develop a “zero trust” architecture, which involves frequent authentication of users and devices and tightly controlled access to data and privileges.
While the work is highly technical, it’s critical for executives, especially chief information officers, to take ownership of this process.
“They know the protection and safeguards around data security rest on their shoulders,” Bourke said.
Train your people
It’s often said that humans are the weakest link in cybersecurity. IBM’s recent Cost of a Data Breach study found that phishing, which preys on human error, was one of the most common attack vectors.
The report pointed to several effective defense strategies, ranging from management techniques like board-level oversight to a variety of technical investments. The use of AI and automation in defense was among the most impactful investments, reducing the cost of a breach by about $224,000 on average. Employee training is also a significant factor, reducing the cost of a breach by about $192,000 on average. “Companies need to continue pushing education down to all firm members, regardless of level. It only takes one [misstep] to potentially give away the keys to the kingdom,” Bourke said.
Tait urged firms to move away from rote annual training and instead embrace short but frequent refreshers. Firms also can test their employees’ ability to identify fraud by subjecting them to mock phishing attempts.
One way or another, companies must ensure that their employees are aware of the range of threats and how fast they’re evolving.
“I would be adding more information about how unique and targeted these [hacking] campaigns have become, and I would ramp up the frequency of the employee training videos and programs,” Bourke said.
Companies also should prepare their executives to respond to cyber incidents. Tabletop exercises are highly effective, Tait said.
“You can tailor your scenarios for the specific organization,” he said, “and within a few hours, you will uncover your weaknesses, strengthen coordination across company stakeholders, and build confidence in your response strategy.”
Ensure you’re insured
Cyber insurance is a prerequisite, but it’s not a panacea. First, firms must ensure that they’re adequately insured for the risk they carry — a process that entails determining the value of the data they hold and the impact of a loss or leak.
“Go down to the level of what each record would cost to deal with,” Ursillo said.
Simply buying a strong policy isn’t enough. Companies may find their coverage denied because of errors in their forms or failures to fulfill policy requirements, Tait warned.
For example, in 2022, Travelers Property Casualty Company of America sued a customer to rescind a policy, saying that the company had misrepresented its MFA capabilities.
“Review those cyber insurance proposal forms carefully and have someone else double-check them,” Tait said. “In my experience, many of them are filled out incorrectly, with organizations unaware of how critical accuracy is. Small errors or oversights can lead to major consequences — including denied coverage when it is needed most.”
Eyes on the future
The state of cybersecurity may sound scary, but leaders can’t close their eyes. Stopping and containing breaches will be a growing and ongoing priority for many years to come, the professionals interviewed for this article said.
And as frightening as AI-powered cyber threats are, AI also is being leveraged in many of the defense technologies that protect firms. The IBM data breach report found that organizations using AI and automation in cybersecurity slashed the duration of breaches by 80 days compared to organizations not using AI security tools.
For his part, Tait is heartened that even as the threats have grown, businesses have responded in force.
“Cyber is not just an IT issue, it is a shared responsibility across the organization, and everyone has a unique responsibility for it,” he said. “That message is finally resonating. We all need to keep evolving and thinking differently. Whether you’re in tax or audit, or any other role, you need to understand this, because we all play a part in protecting the data we work with.”
About the author
Andrew Kenney is a freelance writer based in Colorado. To comment on this article or to suggest an idea for another article, contact Jeff Drew at Jeff.Drew@aicpa-cima.com.