There is also a section on questions concerning cyber security for tax agents to put to their IT providers. HMRC introduces this saying: ‘Security should be everyone’s responsibility as the consequences if it goes wrong can be catastrophic’. It states that the questions are to ‘promote conversation between small to mid-sized tax agents and their IT providers supporting a strong cyber security culture within the business’. However, it adds that security has to be balanced within a risk management framework so ‘not all of the methods discussed will be appropriate, or even sufficient, for different companies.’