5 Ways Cyber Security Changed Forever in 2025
As we near the end of the year, we’re looking back at the major cyber security shake-ups that happened in 2025. As part of our mission to protect Australian accounting professionals, we’ve been adapting and evolving to shut down these new threats as they’ve emerged. We’re proud to defend 28,000+ accounting professionals within our protection borders with Cloud Best Practice 2025.4.
When it comes down to it, the protection perimeter is broadening. There are more entry points for attacks than ever before. Each of the 5 learnings below demonstrates this in some form or another. Let’s dive into it!
1. AI is making fraud faster and easier
AI-powered attacks changed the game in 2025. What used to take cyber criminals weeks to orchestrate now takes hours. Attackers are using AI to automate reconnaissance, craft perfect impersonations, and plan sophisticated attacks at unprecedented speed. They’re analysing your firm’s communication patterns, identifying trusted relationships, and creating deepfakes that are virtually indistinguishable from the real thing. The sophistication level has reached a point where even the most vigilant team members can be fooled.
A real-world example of AI fraud at play
Earlier this year, an accounting professional from an Australian firm shared an experience involving a scam email they received that looked exactly like a standard service message from the Australian Tax Office (ATO). The branding, tone, layout and structure were indistinguishable from the real ATO message; a level of mimicry consistent with AI-generated phishing templates.
The only tell was a subtle anomaly in the sender address. Had the team been rushing, a single click could have exposed credentials. Incidents like this are exactly what we’ve seen more of in 2025: attackers producing hyper-personalised messages and contextually driven content that mirror legitimate communication so precisely that human detection becomes unreliable. Whether the attacker used AI tools in this particular case or not, the environment has shifted: these kinds of near-perfect impersonations are now fast, cheap, and widely accessible in practice, because AI has lowered the barrier to producing them at scale.
What can you do to protect your firm?
Cyber security training used to be the best way to prevent human error. Today, attacks are so sophisticated that there is no preventing human error. With perfect imitations, mistakes are going to happen. This means you need to have zero-trust cyber security measures in place. If someone clicks a link and goes to a fake login page, how is your cyber security preventing them from sharing credentials? Implement multi-factor authentication, deploy AI-powered threat detection on your endpoints, and make sure your access management system can detect and block suspicious login attempts—even with correct credentials.
2. The devil is in the email
Once a cyber criminal has used AI tools to identify your trusted relationships, they exploit this with Business Email Compromise (BEC) fraud. This involves impersonating vendors, clients, or even internal team members to trick your firm into making fraudulent payments or sharing sensitive data.
Email has become the primary threat vector for a simple reason: it’s where trust lives. Your inbox contains years of relationship history, payment patterns, and communication styles that attackers can study and replicate. A single compromised email account can give criminals everything they need to launch a devastating attack that targets not just your firm, but your clients’ sensitive financial data.
BEC attacks are particularly insidious because they bypass traditional security measures. There’s no malicious attachment to scan, no suspicious link to block—just a convincing message from a “trusted” source. Australian accounting firms are prime targets because they manage substantial client funds and maintain trusted relationships that criminals can exploit.
A real-world example of Business Email Compromise at play
We saw this play out for an accounting firm that got involved in a sophisticated Business Email Compromise (BEC) incident that resulted in a large fund transfer, with approximately AUD 375,000 being redirected to a cyber criminal. The attacker had gained access to a third party’s email system, identified an upcoming invoice, and initiated a multi-day email conversation that appeared entirely legitimate.
Because the attacker was operating from within a compromised mailbox, every message contained correct context — dates, amounts, tone, past correspondence — making the exchange indistinguishable from genuine client communication. Over several days, the attacker built enough credibility that the payment was processed and sent directly to the fraudulent account.
What stood out in this incident was not just the scale of the loss. It was the quality of the attacker’s writing and timing. The conversation felt natural, consistent, and responsive — the kind of interaction that would rarely raise suspicion during a busy period. It demonstrated how modern BEC attacks exploit trusted relationships and communication patterns so effectively that traditional “red flags” often never appear.
The professional initially faced scrutiny for the outcome, only for later analysis to show that the compromise had occurred on the other party’s side. The incident reinforced a critical reality: even when your own systems are not breached, your firm can still be manipulated and still be impacted through the inboxes of the people you work with every day.
What can you do to protect your firm?
Configure your email policies to protect your cloud-based email. Look at Third Party App Access Blocking, Domain Impersonation Blocking, Country-based Email Filtering, Admin Access Review, and File & Folder Sharing Controls. Establishing firm-wide processes is key, too. One example might be a policy where new bank details are verified via a secondary channel like a phone call every time.
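One way a lookalike-domain check of the kind behind "Domain Impersonation Blocking" can work, applied to the sender-address anomaly from the ATO example in section 1. This is an added example, not Practice Protect's code or any product's implementation; the trusted-domain list, the confusable-character map, the distance threshold of 1 and all sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): domains the firm really deals with.
TRUSTED_DOMAINS = {"ato.gov.au", "example-clientfirm.com.au"}

# Digits commonly swapped for letters in lookalike domains (assumption).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return 'trusted', 'lookalike' or 'unknown' for a From header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    skeleton = domain.translate(CONFUSABLES)
    for trusted in TRUSTED_DOMAINS:
        # Trusted name used as the leading labels of someone else's domain.
        if domain.startswith(trusted + "."):
            return "lookalike"
        # Same name after undoing digit swaps, or one edit away from it.
        if edit_distance(skeleton, trusted) <= 1:
            return "lookalike"
        # Display name quotes a trusted domain the address does not belong to.
        if trusted in name.lower():
            return "lookalike"
    return "unknown"

# Constructed sample headers: genuine, digit swap, prefix trick, unrelated.
SAMPLES = ["ATO <noreply@ato.gov.au>", "ATO <noreply@at0.gov.au>",
           "ATO <noreply@ato.gov.au.example.net>", "News <news@example.org>"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

A check like this only catches impersonated domains; it returns "trusted" for mail sent from a genuinely compromised mailbox, as in the incident above, which is why the secondary-channel verification of new bank details still matters. The threshold is kept at 1 because short names such as the one used here collide with unrelated legitimate domains at larger distances, so flagged mail is better held for review than silently dropped.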
3. Personal use of AI tools opens new vulnerabilities
On the other side of the fence, AI tools in the hands of employees also represent an increased risk. Right now, we’re in the wild west of AI adoption. Teams are experimenting with different tools, often in their own personal AI accounts, and productivity gains are winning out over security.
This year highlighted a new operational risk for many organisations: employees using AI tools outside approved systems. In New South Wales, a government contractor for the Resilient Homes Program uploaded an Excel file containing the personal and health details of around 3,000 flood-affected residents into ChatGPT, an AI-driven tool that hadn’t been approved for use. The incident was treated as a data breach, triggered a Cyber Security NSW investigation, and forced a rapid overhaul of AI-use policies.
At the same time, a KPMG & Melbourne University global survey showed that roughly half or more of employees in large organisations use unapproved AI tools for work, and a significant share of them paste sensitive customer data, internal documents or financial information into those tools via personal accounts.
For Australian accounting firms, the risk is obvious: if staff are free to use personal AI accounts, client data can quietly leave your controlled environment long before a “breach” ever hits your logs.
What can you do to protect your firm?
Ensure there is centralised control and organisational policies around the AI tools being used in your firm, as well as what data can be entered into them. For policy templates and AI implementation checklists, read our Secure AI Implementation Guide for Australian Accountants.
4. Cyber insurers are asking more questions
In 2025, we saw a move from cyber insurers to ask highly technical questions about the security posture of the firms they insure. Importantly, they are checking the answers after a breach occurs.
Insurance providers want evidence of robust security measures: multi-factor authentication, endpoint protection, email security protocols, regular security audits, and incident response plans.
One clear sign of how the insurance landscape has shifted in 2025 is the level of technical detail now embedded in standard cyber insurance renewal forms. For example, current Australian cyber renewal questionnaires require firms to document everything from their endpoint protection tools, backup frequency and retention practices, privileged-access controls, multi-factor authentication (MFA) settings, and patch-management timeframes, through to email MFA, phishing simulations, vulnerability scanning, and network monitoring tools.
These are no longer yes/no checkboxes. Insurers request detailed descriptions — including product names, configurations, third-party providers, and operational processes. They also ask firms to confirm whether they test backups, segregate copies, run penetration tests, enforce cloud MFA, and use EDR across all endpoints. In many cases, insurers also require firms to list previous cyber incidents and the financial impact, as well as describe how the organisation prevented recurrence.
Insurers are no longer taking declarations at face value. They are assessing a firm’s real cyber posture and verifying those answers if a breach occurs. This shift is reshaping how accounting firms prepare for renewal: security documentation now needs to be accurate, consistent, and evidence-backed.
What can you do to protect your firm?
Make sure your renewals are accurate and up to date. Don’t guess at technical questions or overstate your security capabilities. Partner with a cyber security provider who understands the landscape and can help you complete renewal forms with precision. Document your security measures, maintain records of your protocols, and ensure you can demonstrate compliance when required. Better yet, implement the security measures insurers are looking for—not just to tick boxes, but to genuinely protect your firm and clients.
5. Industry-agnostic tools no longer suffice
In 2025 we analysed the usage data of the Australian accountants in the Practice Protect ecosystem, which revealed an industry-wide trend: Australian accountants are choosing accounting-specific tools and technology in their firms. From a cyber security perspective, we are fully behind this shift.
Industry-specific apps are deeply knowledgeable about the unique compliance requirements, workflow patterns, and data sensitivities of accounting practices. They understand ASIC regulations, ATO requirements, and the specific threats targeting Australian financial professionals. Generic tools simply can’t match this level of specialisation.
What can you do to protect your firm?
If you are still using industry-agnostic tools, consider moving to accounting-specific tech. There are several home-grown apps right here in Australia that are helping accountants work smarter and more securely. Evaluate your current tech stack and identify where generic solutions are creating security gaps or compliance risks. From there, review the industry-specific platforms that align with your needs. A great place to start is to review The Australian Cloud Accounting Report 2025-26. It includes the top apps that Australian accounting firms are choosing in their curated tech stacks.
Looking to 2026
Next year, we expect security and AI to truly converge as firms get serious about reining in the tools they are using. Change is the only constant, and we predict this won’t be stopping any time soon. But with the right expertise and tools, Australian firms can meet these challenges head on to protect what matters most: their people and the trust of their clients.