The Intermediary –- June 2026 - Flipbook - Page 39
producing convincing impersonation of lenders,
end customer, but they have also expanded the
networks, or even compliance teams, brokers who
industry's attack surface.
would have spotted a clumsy email two years ago
are now much more exposed."
Generated in seconds, messages can be crafted
As Ian McKenna, chief information security
officer at Iress, explains: "Cyber risk has always
been present, but increasing digital connectivity
to closely mimic the tone and visual branding of
has made it more accessible to the many
trusted organisations, or even clients.
criminals and nation states seeking to steal data,
Concerns are also growing around deepfakes
and synthetic identities. Voice cloning,
disrupt operations or cause financial harm.
“The move by Microsoft to Office 365, for
manipulated video content and fabricated
example, enabled businesses to access and
documentation are creating entirely new
process data remotely, but also exposed those
challenges for firms that increasingly rely on
same systems and data to a broader range of
digital interactions and remote onboarding,
threats. Any cloud-based system is accessible
Howes warns.
While this might sound a little too ‘Mission
unless a lot of time, effort and investment
is made to secure it properly. Within these
Impossible’ for some, recent developments
platforms are a firm’s ‘crown jewels’ and any
suggest these concerns are far from hypothetical.
compromise of a username or a guessed
According to Paul Weathersby, product director,
password can be extremely costly and
identity and fraud at Experian UK&I, the growing
potentially catastrophic”
accessibility of AI is continually reshaping the
fraud landscape.
He says: "The cyber and fraud challenge facing
financial services is growing a lot more complex.
This is reflected in our own data, which shows
Importantly, attackers do not always need
sophisticated techniques to gain access.
McKenna says: "In many cases, a simple email –
perhaps containing the subject line 'gift voucher'
– is enough to trick users into clicking a malicious
that 73% of UK firms are increasing their fraud
link. It's that easy. That's why you have to have
budgets, yet nearly 60% are still seeing losses rise.
protection in place."
More investment alone isn't the answer."
The increasing use of APIs and integrations
Weathersby adds: "Much of this shift in
presents another challenge. These systems have
the threat landscape has been driven by the
become essential infrastructure, enabling data
p
accessibility of AI. Criminals are now using AI to
scale attacks, clone voices from just a few seconds
of audio, and build synthetic identities that can
transact convincingly for years before fraud is
ever committed.
"Traditional, point-in-time identity checks were
not designed for this environment."
Growing exposure
While cyber threats are becoming more
sophisticated, the environment in which firms
operate is also increasingly complex.
While some of these threats are aimed directly
at consumers, others target the firms responsible
for handling their data. For brokers, the current
challenge is twofold: protecting customers from
fraud, while also protecting their own systems
from compromise.
The growing overlap between these risks
is largely a byproduct of the industry's digital
evolution. The mortgage industry has spent
the past decade investing heavily in widespread
digital transformation. Cloud-based systems have
replaced local servers, the introduction of APIs
allows platforms to communicate seamlessly,
and advisers can now access information from
almost anywhere.
These developments have undoubtedly
improved efficiency and processing speed for the
"Don't worry – your sensitive customer data
is safe with us, Sarah Connor"
June 2026 | The Intermediary
37
