
The Importance of Cybersecurity Awareness Training for Your Business

  • Writer: Sarah Hannah
  • Sep 18
  • 5 min read

Employee awareness training that helps reduce the risk of emerging threats is paramount for every business.

Defending Against AI-Powered Threats in 2025 and into 2026


Defend your business with cybersecurity awareness training in NYC and online that stops AI-powered phishing, protects client trust and prevents costly data breaches.

Overview: Cybersecurity in Professional Services


  • 60% of professional services firms experienced a security breach in the past year, with AI-powered phishing attacks leading the threat landscape 

  • AI-generated phishing now represents the defining email security challenge of 2025, targeting law firms, financial services, and architecture firms with unprecedented sophistication 

  • 66% of clients are hesitant to work with firms using outdated technology 

  • $4.88 million average breach cost, with professional services averaging $5.08 million 

  • 60% of law firms have implemented formal cybersecurity policies  


The Escalating Cyber Threat Landscape for Professional Services


  • The statistics paint a concerning picture across many professional services sectors. Recent cybersecurity surveys indicate that professional services firms face some of the highest breach rates across industries, with specific vulnerabilities in each sector: 

    • Legal Services: Up to 40% of law firms have experienced a security breach, with nearly 1 in 5 firms uncertain whether they've been compromised. The American Bar Association's latest cybersecurity report reveals that legal practices remain vulnerable due to the sensitive nature of client communications and limited security investments. 

    • Financial Services: The financial sector experiences cyberattacks at rates 300% higher than other industries, with regulatory requirements under FINRA, SEC, and other governing bodies making compliance failures costly beyond just the breach itself. 

    • Architecture & Engineering: A/E firms increasingly face targeted attacks aimed at stealing intellectual property, project designs, and client information. The sensitive nature of infrastructure projects and government contracts makes these firms attractive targets for both criminal and nation-state actors. 


What makes 2025 particularly challenging across all professional services sectors is the emergence of AI-powered cyber threats. Cybercriminals are now targeting professional services firms with AI-powered phishing, deepfake impersonations and phone-based vishing scams that exploit professional relationships and industry trust.


Why Professional Services Firms Need Regular Cybersecurity Training


Professional services organizations represent attractive targets for cybercriminals for several industry-specific reasons: 

 

  • Handle highly sensitive client communications protected by attorney-client privilege 

  • Manage significant financial transactions through trust accounts 

  • Often have limited cybersecurity budgets relative to the value of data they protect 

  • Face strict ethical obligations for client confidentiality under state bar regulations 

 

  • Direct access to financial assets and trading information 

  • Heavy regulatory compliance requirements create multiple attack vectors 

  • High-value transactions and client portfolios 

  • FINRA and SEC reporting requirements make breaches particularly damaging 

 

Architecture & Engineering Firms 

  • Possess valuable intellectual property and proprietary designs 

  • Handle sensitive infrastructure and government project information 

  • Often work with multiple stakeholders, creating expanded attack surfaces 

  • Increasing digitization of blueprints and CAD files creates new vulnerabilities 


Cross-Industry Cybersecurity Vulnerabilities


Research shows that there's a significant business case for robust cybersecurity beyond risk mitigation. The 2025 Integris Report shows that 37% of clients are willing to pay a premium for firms with strong cybersecurity measures, representing significant potential revenue across all professional services sectors.


Industry-Specific AI Attacks


  • Legal Sector: AI-powered attacks now impersonate opposing counsel, judges and clients with remarkable accuracy. Attackers use publicly available court documents and legal databases to craft convincing communications requesting sensitive case information or wire transfers. 

  • Financial Services: Sophisticated AI algorithms analyze trading patterns, client communications and regulatory filings to create targeted spear-phishing campaigns that appear to come from regulatory bodies, senior partners, or high-value clients. 

  • Architecture/Engineering: AI-powered attacks target project communications, creating fake requests from contractors, government agencies or clients for sensitive project files, blueprints, or proprietary designs.


The Scale of AI-Enhanced Threats


Using generative AI, attackers can produce thousands of highly personalized phishing emails within minutes, continuously optimizing them for higher engagement rates. By February/March 2025, AI surpassed human red teams across all user skill levels in phishing effectiveness, making human training more critical than ever.


Focus IT’s Cybersecurity Training Solutions for Professional Services


Recognizing the urgent need across New York's professional services community, Focus IT continues to make its cybersecurity awareness training available as part of its managed IT services packages. As part of its ongoing security strategies, it offers regular phishing simulations and access to its CIO and CTO services. The components involved in the ongoing management of security, as well as the areas covered during the standard cybersecurity awareness training, are outlined below.


Proactive AI-Powered Threat Recognition using Enterprise Security Tools 
  • Tailored approaches for legal, financial and architecture sectors 

  • Recognition of AI-generated communications targeting professional relationships 

  • Identification of deepfake video calls and voice impersonations 

  • Advanced social engineering tactics leveraging industry knowledge 

 

Industry-Specific Attack Scenarios
  • Legal: Business email compromise targeting trust accounts, fake court communications 

  • Financial: Regulatory impersonation, trading platform attacks, client account fraud 

  • Architecture: IP theft attempts, fake project communications, contractor impersonation 

 

Incident Response Protocols 
  • Industry-appropriate escalation procedures 

  • Regulatory reporting requirements by sector 

  • Client notification protocols and legal obligations 

  • Business continuity planning during cybersecurity incidents 

 

Technical Cybersecurity Awareness 
  • Multi-factor authentication (MFA) implementation and SSO integration 

  • Secure file sharing for sensitive documents and designs 

  • Cloud security best practices for industry-specific applications 

  • Mobile device security for field work and client meetings 


The Human Element in Professional Services and Cybersecurity Training

Employee training is critical in combating phishing, as AI-powered attacks use advanced algorithms to craft highly targeted attacks that leverage professional relationships and industry knowledge. Well-trained employees across all professional services sectors can: 

  • Identify suspicious communications disguised as industry-standard requests 

  • Verify unusual financial or project requests through alternative channels 

  • Implement proper security protocols consistently across different software platforms 

  • Recognize when personal or professional information is being harvested for future attacks 


Looking Ahead: Professional Services Cybersecurity Training in 2026


As we continue through 2025 and move towards 2026, the cybersecurity landscape will only become more challenging for professional services firms. Organizations that invest in comprehensive employee training today position themselves to help prevent and head off attacks by increasing awareness and creating an atmosphere of support and robust education as the environment continues to change. Specifically, ongoing and regular training can help companies to:


  • Defend against current and emerging AI-powered threats

  • Maintain client trust and professional reputation

  • Meet increasing regulatory compliance requirements

  • Gain competitive advantage in security-conscious markets

  • Protect valuable intellectual property and sensitive data


The convergence of AI-powered attacks and the high-value nature of professional services data creates an urgent need for specialized cybersecurity training that understands both the technology threats and the professional context in which they operate.



Focus IT, a trusted provider of cybersecurity awareness training and managed IT services for professional services firms in New York City, announces the expansion of its comprehensive employee cybersecurity training program. As law firms, financial services companies, architecture practices and other professional services organizations in NYC face unprecedented cyber threats in 2025, Focus IT's training program is designed to educate entire teams across industries, empowering them with the knowledge necessary to recognize and prevent sophisticated AI-powered attacks. 

 

For more information about Focus IT's cybersecurity awareness training or to schedule an industry-specific consultation, contact us for cybersecurity training and download our free cybersecurity insurance checklist.
