As part of the Members Day of the Ordre des Experts-Comptables (OEC) Luxembourg, Derisk Advisory recently had the pleasure of presenting to an audience of Luxembourg-based accountants and fiduciaries, addressing the critical cybersecurity challenges their profession faces.
Photo by Thomas Badri
The core message, delivered by Laurent de la Vaissière of Derisk Advisory, was clear: accounting firms are not just service providers; they are goldmines of confidential client data, making them high-value targets for cybercriminals. We explored the evolving threat landscape, from sophisticated phishing attacks using generative AI to the stark reality of double-extortion ransomware, highlighting recent local examples to show that the risk is both real and close to home. A key focus was a deep dive into advanced attack methods, such as those detailed by CIRCL, which abuse legitimate IT tools to bypass even the strongest security controls by targeting the human element.
Beyond outlining the threats, the presentation detailed the significant legal and professional obligations that apply to accountants, from GDPR and the Criminal Code’s rules on professional secrecy to the ultimate risk: the destruction of client trust. We then shifted from risk to resolution, providing a practical, actionable playbook organized around three pillars: People, Process, and Technology. The session concluded with a simple but powerful call to action, urging attendees to start their security improvement journey by implementing Multi-Factor Authentication (MFA) as the single most effective first step.
If you would like to discuss how to build strong cybersecurity defenses for your firm, please feel free to get in touch.