Review plan inclusions, security capabilities, and managed support features designed to protect modern accounting firms.
Bolt on any of these capabilities to either plan. Prices are per month - select your user/device range to see the applicable rate.
Fixed-fee, project-based engagements priced by firm size. Pick a range to see the applicable rate - engagements above 100 users are scoped individually.
Cybersecurity pricing for accounting firms depends on the plan you choose and the size of your environment. MYCPE ONE offers two core plans, Compliance & Essential and Managed Security, with pricing that scales by number of users and devices. Firms can also add specific capabilities through monthly add-ons or one-time, project-based engagements, so costs reflect what your firm actually needs rather than a flat package.
Both plans are purpose-built for CPA and accounting firm environments and share the same core security inclusions, such as email protection, endpoint security, network and firewall security, and data protection. The Compliance & Essential plan provides a compliance-focused security foundation, while the Managed Security plan adds fully managed 24×7 protection for firms that want continuous monitoring and deeper, around-the-clock coverage.
Both plans include a shared set of core protections: email protection, endpoint security, network and firewall security, vulnerability and risk management, security monitoring, identity and access control, cloud security for Microsoft 365 and Google, and data protection. This gives every firm a consistent security baseline, with the Managed Security plan layering active 24×7 management on top.
Monthly add-on services let firms bolt extra capabilities onto either plan for a recurring monthly fee. Pricing is set per month and varies by your user and device range. For smaller firms (the 0-10 user tier), examples include email from around $5, endpoint from around $3 per unit, network from $150, cloud from $15, identity from $20, and SOC and monitoring from $25. Rates adjust as your user and device counts grow.
One-time add-on services are project-based engagements priced by firm size, rather than recurring monthly charges. They cover scoped work such as email, endpoint, network, cloud, and identity projects, plus training, compliance, incident response, vulnerability testing, and SIEM and identity work. These are useful when a firm needs a defined project completed (for example a compliance scoping exercise or vulnerability test) instead of ongoing coverage.
Two main factors drive cost: the number of users and devices in your environment, and the plan and add-ons you select. Larger firms with more endpoints and staff fall into higher pricing tiers, and adding monthly capabilities or one-time projects increases the total. This usage-based model keeps pricing transparent and tied directly to your firm's actual footprint.
Incident response is available as a one-time, project-based add-on, priced by firm size and starting from around $800. Firms that want a defined response capability in place can scope it ahead of time, which is often preferable to arranging help during an active incident. Pairing incident response with the Managed Security plan gives firms both ongoing monitoring and a clear response path.
Yes. Both the Compliance & Essential and Managed Security plans support add-ons, so firms can extend coverage without switching plans. You can add capabilities on a recurring monthly basis or as one-time projects, covering areas like email, endpoint, network, cloud, identity, monitoring, compliance, and vulnerability testing, depending on where your firm needs more protection.
There can be, depending on what you need. Monthly plans and monthly add-ons cover ongoing protection, while one-time add-on services handle scoped, project-based work such as compliance engagements, vulnerability testing, or initial security setup. Firms only pay one-time fees for the specific projects they choose, and pricing for those is based on firm size.
Firms that need a strong compliance foundation, core controls, and better visibility often start with the Compliance & Essential plan. Firms that want continuous, fully managed protection with 24×7 monitoring and faster response typically choose the Managed Security plan. The best fit depends on your risk profile, compliance obligations, and how much in-house capacity you have, which a scoping call can help clarify.
Yes. While the standard tiers cover most firms, larger, multi-office, or more complex environments can get custom pricing scoped to their needs. Because pricing scales by users and devices and supports both monthly and one-time add-ons, MYCPE ONE can build a plan that matches a bigger firm's structure, compliance requirements, and service-level expectations.