A Texas accounting firm owner used a data security session at AICPA & CIMA ENGAGE 25 to describe how she and her firm survived a cyber incident that tested their resilience and leadership. Speaking to her peers, she said the breach was among the toughest moments of her career, yet her clients remained loyal to the practice.
“The breach was one of the hardest things I had experienced in my career, yet I came out of it with clients still viewing me positively.”
The remarks, delivered at a data security program during the annual event, highlight how small and midsize firms are grappling with growing cyber risks. They also highlight how trust can be preserved when firms respond promptly, communicate effectively, and implement visible changes following an incident.
Rising Pressure on Accounting Firms
Accounting firms hold sensitive financial records, tax IDs, payroll data, and business plans. That makes them frequent targets for phishing, social engineering, and ransomware. While large firms invest heavily in layered defenses, many smaller practices face tight budgets and limited staff time to manage evolving threats.
Regulatory expectations have also increased. State privacy laws, IRS guidance for tax professionals, and client contract terms now require firms to document controls and demonstrate their ability to contain and report incidents. Insurance carriers often require multi-factor authentication, endpoint protection, and staff training as conditions for coverage.
How One Firm Held Client Trust
The Texas firm owner did not go into technical details, but her account centered on client communication and visible action. She emphasized that acknowledgment and transparency shaped the outcome as much as the tools deployed after the breach.
Firms that keep clients informed tend to protect credibility even when the news is difficult. Timely notices, plain-language updates, and a clear path to remediation can limit reputational damage. Offering credit monitoring or identity protection, if warranted, can show accountability and care.
Her comments also point to the role of leadership under stress. Setting a steady tone, meeting deadlines for notifications, and showing a plan for improvement help clients judge whether to stay.
Practical Steps That Make a Difference
Attendees at data security sessions often ask for actions that fit the realities of small firms. The experience shared at ENGAGE 25 supports a simple order of operations: stop the threat, investigate, notify, and harden systems.
- Prepare an incident response plan and test it.
- Use multi-factor authentication on email, tax, and file systems.
- Train staff to spot phishing and report it fast.
- Back up critical data offline and rehearse restores.
- Engage outside experts when needed, including legal counsel.
Clear policies for vendor access and data sharing can close common gaps. Routine checks should also cover email forwarding rules, admin privileges, and outdated software. Insurance reviews may uncover control gaps before an incident rather than after.
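The "routine checks" above include reviewing mailbox forwarding rules, which is one of the few items in this list that a small firm can script rather than eyeball. The following is an added example, not code from the article or from the firm described: it audits a set of constructed inbox-rule records and flags rules that forward or redirect mail outside the firm's domain, auto-delete messages, or move mail into folders staff rarely open. The record shape (mailbox, name, forward_to, redirect_to, delete_message, mark_as_read, move_to_folder), the firm domain examplecpa.test, and the sample rules are all assumptions made for the example; a real export from an email platform's admin tooling would need a short mapping step into this shape.

```python
"""Audit mailbox inbox rules for risky forwarding and hiding behaviour.

Added illustration only. The rule records below are constructed, not exported
from any real tenant, and the field names are assumptions chosen for this
example rather than any vendor's API.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumed firm domain; mail kept inside these domains is treated as internal.
INTERNAL_DOMAINS = {"examplecpa.test"}

# Folders that staff rarely open; a rule that files mail here is worth a look.
RARELY_CHECKED_FOLDERS = {"rss feeds", "rss subscriptions", "archive", "junk email"}


@dataclass
class InboxRule:
    mailbox: str
    name: str
    forward_to: list[str] = field(default_factory=list)
    redirect_to: list[str] = field(default_factory=list)
    delete_message: bool = False
    mark_as_read: bool = False
    move_to_folder: str | None = None


def external_recipients(addresses: list[str], internal_domains=INTERNAL_DOMAINS) -> list[str]:
    """Return the addresses whose domain is not one of the firm's own."""
    external = []
    for addr in addresses:
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain not in internal_domains:
            external.append(addr)
    return external


def audit_rule(rule: InboxRule, internal_domains=INTERNAL_DOMAINS) -> list[str]:
    """Return finding strings for one rule; an empty list means nothing flagged."""
    findings = []
    ext = external_recipients(rule.forward_to + rule.redirect_to, internal_domains)
    if ext:
        findings.append("forwards or redirects to external address(es): " + ", ".join(ext))
    if rule.delete_message:
        findings.append("deletes messages automatically")
    if rule.mark_as_read:
        findings.append("marks messages as read")
    if rule.move_to_folder and rule.move_to_folder.lower() in RARELY_CHECKED_FOLDERS:
        findings.append(f"moves messages to rarely checked folder '{rule.move_to_folder}'")
    return findings


def audit_mailboxes(rules: list[InboxRule], internal_domains=INTERNAL_DOMAINS) -> dict[str, list[tuple[str, list[str]]]]:
    """Group flagged rules by mailbox: {mailbox: [(rule name, findings), ...]}."""
    report: dict[str, list[tuple[str, list[str]]]] = {}
    for rule in rules:
        findings = audit_rule(rule, internal_domains)
        if findings:
            report.setdefault(rule.mailbox, []).append((rule.name, findings))
    return report


# Constructed sample export: two mailboxes, four rules, two of them suspicious.
SAMPLE_RULES = [
    InboxRule("alice@examplecpa.test", "File client invoices", move_to_folder="Invoices"),
    InboxRule("alice@examplecpa.test", "Backup",
              forward_to=["backup-mailbox@freemail.test"], delete_message=True),
    InboxRule("bob@examplecpa.test", "Send to partner",
              redirect_to=["partner@examplecpa.test"]),
    InboxRule("bob@examplecpa.test", "Quiet",
              move_to_folder="RSS Feeds", mark_as_read=True),
]


if __name__ == "__main__":
    for mailbox, hits in audit_mailboxes(SAMPLE_RULES).items():
        print(mailbox)
        for name, findings in hits:
            print(f"  rule '{name}':")
            for finding in findings:
                print(f"    - {finding}")
```

Run on a schedule against a rule export, a report like this gives a small firm a concrete artifact to review alongside its admin-privilege and patch checks; the internal-domain set and folder list are the two knobs to adjust for a real practice.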
Financial and Regulatory Fallout
Even short outages or limited data loss can carry costs. For small firms, billable time lost to containment and investigation can be more damaging than the direct technical bills. Notification requirements and potential client churn add to the pressure.
The Texas firm owner’s outcome—keeping client support—suggests the right response can blunt those costs. It also shows why leaders must weigh the short-term expense of better controls against the far higher cost of a poorly handled event.
What Firms Should Watch Next
Threats continue to shift from broad phishing to more targeted attacks aimed at tax season workflows and client portals. Firms should monitor secure email features, identity protection, and vendor risk associated with tax and bookkeeping platforms. Training that mirrors real attack methods can increase the likelihood that staff will identify and report problems promptly.
The session’s message was clear: incidents can happen even to careful firms. What stands out is how a firm responds in the first hours and days. Preparation, steady communication, and visible improvements can help maintain client trust.
The Texas CPA’s account offers a practical takeaway. Build response muscle before it is needed, speak plainly when trouble hits, and show the fixes. That approach will shape reputations more than the breach itself.