Eighty Percent of Malware is Now Powered by AI

Many firms are not aware that a growing majority of cyberattacks today are not carried out by human beings. They are being executed by artificial intelligence systems that operate at a speed, scale, and precision that far exceed what a human attacker can accomplish. For the accounting and finance community, this shift raises serious concerns for client data protection, regulatory compliance, and firm level risk.

Research shows that nearly eighty percent of modern ransomware attacks now involve artificial intelligence at some stage—and the threat extends far beyond ransomware. Artificial intelligence systems are being used to create highly convincing phishing emails that impersonate clients, banks, payroll providers, or even leadership within the firm. They can crack weak or reused passwords within seconds. They can bypass common online verification tools. They can even generate deepfake audio that sounds identical to a client requesting a wire transfer or a staff member authorizing an internal change.

For CPAs, the danger is tied to speed, scale, and trust. An artificial intelligence system can attempt thousands of attacks in the time it once took a human attacker to attempt one. A firm must protect every entry point, but an attacker only needs to find a single weakness to gain access to tax records, financial statements, banking information, payroll data, and confidential client communications. A breach does not only create financial loss. It creates long term damage to trust and reputation.

Traditional defenses are no longer enough. Antivirus software, simple firewalls, and occasional updates were designed for a slower threat landscape. Artificial intelligence driven attacks adapt faster than human teams can respond. This means firms must move from a reactive model to a proactive, layered model.

Below are practical actions that every accounting and finance firm should implement immediately. Each step strengthens protection and aligns with emerging regulatory expectations.

1. Consistent and timely patching.
   All operating systems, servers, tax software, document management systems, and third party applications should be updated regularly. Most successful breaches exploit known vulnerabilities that have not been patched.
2. Strong authentication practices.
   Multi factor authentication should be required for every user who accesses firm systems, including partners, staff, remote employees, contractors, and seasonal help. Passwords should be long, unique, and stored in a secure password manager.
3. Ongoing cyber awareness training.
   A single training session is not enough. Staff should receive continuous, in person and virtual training that covers phishing recognition, secure data handling, incident reporting, and real examples of artificial intelligence generated fraud attempts.
4. Clear cyber and artificial intelligence policies.
   Firms should have documented policies that govern how artificial intelligence is used internally, which tools are approved, how client data is protected, and how security incidents are reported. These policies should be reviewed and updated at least once per year.
5. Vendor and software oversight.
   Many breaches occur through third party systems. Firms should know what data each vendor accesses, how that data is protected, and what controls those vendors maintain.
6. Data governance and access control.
   Access to sensitive information should be based on job role. Only staff who need specific data to perform their work should have access to that data.
7. Modern security tools that use artificial intelligence for defense.
   These platforms can detect unusual behavior, identify suspicious logins, block risky actions, and alert your team before a breach occurs.

Artificial intelligence enabled cybercrime is not slowing down. It will continue to grow as attackers automate more of their operations. But firms that act now can protect client data, maintain compliance, build resilience, and strengthen trust in every relationship they serve.

This article was submitted by Kellen Cowan of Newave Solutions.