There’s an email going around right now. It’s not from a vendor. Not from your competitor. Not from some shady LinkedIn lead-gen spammer promising 400% ROI in three clicks. It’s from the AICPA.
And they’re telling every CPA in the country it’s time to “step into tech leadership” with cybersecurity credentials.
Let me break this down for you.
CPAs are being told—right now—that their next career move is to become the cybersecurity advisor for your clients. That’s not a guess. That’s the actual positioning in the email. “Information Security,” “IT Governance,” “Risk & Controls”—these are the new hot topics for your client’s accountant.
You know what that means?
Every single one of your clients is someone else’s prospect.
And the CPAs have credibility. They’ve got the trust. They’ve got the advisory relationship. They’ve got the one thing you’ve been begging your clients for: Their attention.
Now they’re using it to talk cybersecurity.
I’ve been warning you this was coming. I’ve shown you case studies where CPAs quietly took over cybersecurity conversations—sometimes the entire IT relationship—because you weren’t having it. And if your client is about to get their security advice from someone who bills by the six-minute increment and thinks MFA means “Multiple Fiscal Advisors,” you’ve got a problem.
Worse? Some of these CPAs aren’t just advising. They’re running their own IT programs. Or they’re bringing in their MSP. You think they’re going to give you the benefit of the doubt when reviewing your controls? Not a chance.
So what can you do?
Get in front of your clients. NOW!
Not with a “let’s talk HIPAA” email. Not with a “we’ve added some detection tools” bulletin. With a real conversation about cyber liability. Because here’s the thing: the CPAs aren’t talking about liability yet. But they will be.
And when they do? If you’re not already the expert in the room, you’re about to become the scapegoat.
Show your clients that you’re not just checking boxes—you’re managing liability. Lead with Cyber Liability Essentials: documentation, training, IR playbooks, and policies that tie directly to real-world legal defense. Then introduce them to Cyber Liability Guard. Even if they don’t move forward right away, they’ll understand you’re offering it—and more importantly, why it matters. You’re not pushing compliance for compliance’s sake. You’re helping them use compliance as a strategy to reduce liability. That’s how you stop being the IT vendor and start being the trusted advisor.
Because whoever’s having the liability conversation wins.
Here’s what the AICPA is sending your clients’ advisors. You’ve got a head start—if you move now.
Here’s a screenshot of the email for your reference:
This is your moment.
Don’t let it pass.
