Skip to main content

Firm Management

Accounting Firms Facing Increased Cyber Threat

75% say they would be able to survive only three to seven days from a ransomware attack.


Three-fourths of small and mid-sized accounting firms and other services businesses say they could only survive up to a week if they suffered a severe cyber attack. That’s among the results of a new survey.

The Small and Medium-Sized Businesses Ransomware Survey (SMBRS), commissioned by CyberCatch, involved a blind survey of 1,200 small and medium-sized businesses (SMBs) in U.S. and Canada. It is the first to examine how resilient SMBs are to ransomware. Ransomware is a critical threat to all organizations, especially to SMBs who may not be able to recover from a ransomware attack.

The survey was conducted independently by Momentive, a leading market insights company and maker of SurveyMonkey. The name of the survey sponsor, CyberCatch, was kept confidential in order to prevent any bias in the survey responses.

Key findings include:

  • 30% of SMBs do not have an incident response plan to respond to threats such as a ransomware attack.
  • Of those that have a plan, 35% tested the incident response plan over six months ago.
  • 34% do not test employees for susceptibility to phishing to prevent ransomware being downloaded or provide access to an attacker inadvertently.
  • 75% say they would survive only three to seven days from a ransomware attack.
  • 47% say they would survive only three days from a ransomware attack.

“Ransomware is an existential threat to SMBs who are a critical part of the supply chain,” said Sai Huda, founder, chairman and CEO, CyberCatch. “Foreign adversaries and criminal gangs will increasingly attack SMBs with ransomware to not only extort ransom payments but also use as the entry point upstream to the eventual target, a large company, critical infrastructure, government agency, healthcare organization or other high value target. The SMBRS is a wakeup call for proper cybersecurity controls. The report reveals seven key cybersecurity controls to thwart ransomware.”