The June 2026 Cyber Risk Forecast for accounting and audit firms does not introduce new risks.
That is the signal.
Instead, it confirms something more consequential: risk categories are stable, but specific attack vectors within them are intensifying—driven by AI and persistent targeting of financial data.
Three insights define this cycle.
1. BEC and Fraud Has Become the Dominant High-Likelihood Financial Threat
Business email compromise (BEC) and fraud is now a high-likelihood risk (61–80%) and the only top risk trending upward in the current forecast.
This is driven directly by AI.
AI-generated phishing now represents over 82% of phishing emails, achieving significantly higher success rates than traditional campaigns.
AI-enabled fraud activity increased 1,210% in 2025, with $3.05B in total BEC losses reported.
Deepfake voice attacks now require as little as three seconds of audio, with 77% of targeted victims losing money in voice-clone scams.
The implication is not theoretical.
For a mid-sized firm, the most likely financial impact is $250K–$3M per incident, driven by direct financial theft and liability exposure.
This is the only top risk where both likelihood and attacker capability are increasing simultaneously.
2. Ransomware Risk Is Validated by Active, Sub-Industry Targeting
Ransomware remains at a moderate likelihood (41–60%) with a stable trend, but the key signal is not the percentage; it is the validation.
Multiple verified attacks occurred within the past 30 days:
DragonForce attacks on Enns & Company and Goldklang Group CPAs (May 2026)
Akira attack on DeMera, DeMera, Cameron LLP with ~260GB of client data stolen
These are Tier 1 signals—direct sub-industry evidence.
The forecast explicitly confirms risk assumptions from prior cycles are holding under real-world conditions.
Financially, ransomware remains the most severe single-event exposure, with $5M–$50M+ per incident, driven primarily by client loss and reputational damage rather than ransom payments alone.
The takeaway: ransomware frequency may appear “moderate,” but impact remains structurally extreme.
3. No New Risk Categories—But Existing Ones Are Being Amplified
The forecast makes a formal determination:
No new top cyber risk category has emerged in this cycle.
Instead, the environment is defined by amplification.
AI-driven phishing strengthens the BEC threat, rather than creating a new one.
Ransomware-as-a-service models expand access to sophisticated attack tools, increasing participation in extortion campaigns.
Geopolitical activity—including hacktivist campaigns and nation-state targeting of financial data—adds pressure but does not create separate risk categories.
Even third-party risk remains moderate (41–60%), with approximately 30% of breaches linked to vendors, reinforcing dependency risk rather than introducing new threat types.
The pattern is consistent.
Risk is not expanding—it is intensifying within existing categories.
Bottom Line
The June 2026 forecast shows a stable but increasingly pressured environment:
High-probability financial fraud driven by AI
Validated ransomware targeting with extreme financial impact
No new risks—but stronger, more efficient execution of existing ones
This is not a transition phase. It is a consolidation phase where attacker capability is improving faster than risk categories are evolving.
CyberRiskModels.com