At a glance
- AI is supercharging cybercrime, making digital threats smarter and more relentless.
- Cybersecurity teams can also use AI to detect suspicious patterns and insider risks.
- Accountants are prime targets due to the sensitive client information they hold.
- Basic cybersecurity hygiene and practical controls are crucial for defending against attacks.
As AI supercharges cybercrime in 2026, governments and professional services firms are bracing for smarter and more relentless digital threats.
Google’s Cybersecurity Forecast 2026 predicts an acceleration of AI-enabled social engineering will enhance the speed, scope and impact of threats. This includes more sophisticated “vishing” attacks in which scammers use deepfake voice or video communication to trick people into disclosing personal information, or making erroneous payments.
Such threats are not new. But many experts say AI-driven cloning will heighten such risks through “hyper-realistic impersonations” of executives or IT staff, making attacks harder to detect and defend.
Checklist 1: The Google report suggests that:
- Cyber thieves will adopt agentic systems– autonomous AI systems that can perceive, reason, plan, and act independently – to streamline and scale their attacks.
- Ransomware threats will keep evolving.
- We will see an increase in “shadow-AI” threats, as employees use AI tools without IT leaders’ knowledge at a time when nation states are exploiting cloud and cryptocurrency vulnerabilities.
- We will also see more “shadow agent” issues, where companies’ use of AI agents for work tasks exposing them to potential data leaks, compliance violations and intellectual property theft.
- There will be a rise in “prompt injection” threats – attacks that manipulate AI to make it bypass security protocols and follow an attacker’s hidden commands.
Respected British cybersecurity expert Graham Cluley, a member of the InfoSecurity Hall of Fame, believes the biggest shift this year will be how AI can “supercharge” existing familiar methods of attack.
“Voice cloning is a perfect example,” he says. “Scammers can create a convincing fake of someone’s voice from just 30 seconds of audio scraped from social media, or a public talk. They’re able to use these to impersonate company executives and trick employees into transferring money, or to pose as family members.”
Cluley says supply-chain attacks also represent a huge threat in 2026. “When criminals target a company’s suppliers, rather than the company itself, the damage cascades,” he says, noting that a cyber attack of carmaker Jaguar Land Rover last year may have cost the British economy £1.9 billion; it affected thousands of organisations.
Sharpening the attack
There is a growing fear that AI will lower the barrier to entry for cyber criminals while enabling them to better research targets and generate ever-more convincing cyber-attack communications that go well beyond the old scam emails and accidental malware downloads.
Simone Herbert-Lowe, who leads the cyber, media and technology practice in Australia for global law firm Clyde & Co, says the flip side is that cybersecurity teams can also draw on AI to bolster security operations.
“AI can be used to detect suspicious patterns, including insider risks if there is an unusual amount of sensitive information or data being exfiltrated or exported out of a system,” she says.
Mark Whittley is co-founder and managing director of Sicarius, a cyber defence firm with experience in international cybersecurity investigations. He believes 2026 is shaping as a “James Bond moment” when voice cloning, deepfakes and vishing make cybersecurity “feel like an espionage thriller”.
However, he agrees that the biggest risk for governments and businesses will come from the refinement of cyber attacks that exploit routine business behaviour, rather than the emergence of new threats. “Vishing, business email compromise and AI-assisted impersonation are effective precisely because they look ordinary,” Whittley says.
In an article on emerging cyber threats from the UK office of law firm Kennedys, partner George Chaisty counsels accountants to be conscious of AI being used to drive extortion cases. High-profile clients, in particular, could be vulnerable to cyber criminals leveraging AI “to create smoking gun-style documents which they hold accountants to ransom to in order to prevent publication to the press, even if the document is fake”. For example, he cites the potential for the release of a damaging tax return for a politician during an election campaign. “This is something we have seen in other industries already,” Chaisty notes.
“Many businesses still think … ‘we’re too small to matter.’ Attackers do not think in those terms.”
Mark Whittley, Sicarius
C-suites on edge
In such an environment, AI-driven threats have C-suite teams in a sweat. The 2026 Tech Trends and Priorities Global Pulse Poll from global IT organisation ISACA indicates that regulatory complexity and business continuity will dominate the agendas of Australia’s technology and security leaders in 2026.
The survey findings reveal that fewer than half of respondents are extremely or very confident their organisation can successfully navigate a ransomware attack.
Checklist 2 – ISACA identifies key steps to stay cyber-safe, including:
- establishing robust AI governance and risk frameworks;
- accelerating workforce upskilling and talent pipeline development;
- modernising legacy systems to reduce vulnerabilities;
- developing and regularly testing incident-response plans; and
- focusing on regulatory complexity and international compliance requirements.
Cluley says the best defence is not just technological, it is human. “Most successful cyber attacks exploit human nature rather than technical flaws, so strengthening the behaviour of employees is critical.”
He calls on businesses to set up robust staff-verification protocols in the event of receiving urgent requests for money or sensitive information, even if the requester sounds like their boss. They should also ensure that security training is regular and practical, not an annual box-ticking exercise, as part of a culture where they should assume that they will be targeted.
Focus on the fundamentals
As part of its 2026 Planning Guide for Cybersecurity, Gartner warns that many organisations are focusing “too much on sophisticated attacks and not enough on basic cybersecurity hygiene and incident response practices”. That, it says, leaves them exposed to ransomware and account takeover risks.
Given the volume of financial information and data that accounting firms collect and store, Herbert-Lowe says getting the basics right will be especially crucial as threats rise.
Whittley says that significant risks for accounting firms will include impersonation, payment redirection fraud and unauthorised access to sensitive client data. “These risks are amplified by trust – both the trust clients place in their accountant and the trust accountants place in familiar communications,” he says.
He says protecting firms and clients requires an emphasis on controls that are practical and provable.
Checklist 3 – Whittley lists the critical client controls as:
- strong identity management;
- verification steps for financial transactions;
- restricted access to sensitive systems; and
- regular review of logs and alerts.
“Just as importantly, firms must be able to explain and evidence these controls when clients, insurers, or regulators ask how risk is being managed,” Whittley adds.
Checklist 4 – The Google report also warns of increasing cyber threats from nation states including:
- Russia, concentrating on intelligence collection to support its global political and economic interests;
- China, prioritising cyber espionage tactics;
- Iran, focusing on cyber espionage, disruptive attacks and information operations targeting Israel and its allies; and
- North Korea, targeting cryptocurrency organisations and users.
However, Cluley believes such state-sponsored threats could be more pervasive. “We’d be foolish to think there’s any developed country which isn’t using the internet to spy and gain advantage over others,” he says.
Cluley wants governments to help businesses better defend themselves. “Many organisations running critical services simply lack the resources for sophisticated security, and information sharing between government and industry remains patchy.”
Be proactive
Herbert-Lowe encourages businesses to pre-empt cyber threats, rather than responding to government or regulatory demands. “At the end of the day, it’s really up to the businesses themselves to take the lead because of their position of trust. Every accounting practice has a legal duty to take reasonable care to prevent loss to its clients.”
Cluley says the key is for leaders to “set the tone”. “When executives visibly follow security protocols and treat breaches as learning opportunities, rather than blame games, employees feel empowered to report suspicious activity without fear.”
