Brokers urged to turn cyber risk into trust
As hackers harness AI to breach financial data, Australia’s mortgage brokers face escalating cyber threats that test trust, technology and resilience across the lending landscape
More
MORTGAGE BROKERS across Australia are sitting on a data gold mine that criminals are increasingly desperate to access. With high-value transactions flowing through systems daily and client information worth thousands to identity thieves, the sector has become a prime hunting ground for cyberattackers.�
“We work in an industry that continues to attract cyber threats,” says Anja Pannek, chief executive of the MFAA. “Mortgage and finance brokers handle high-value transactions and highly sensitive identity data. That makes our sector a prime target for email compromise, credential theft and supply chain attacks.”�
Financial services are being affected far more than they were a few years ago. According to the Australian Cyber Security Centre (ACSC), financial services ranked eighth on the list of top reporting sectors for cyber incidents in FY23. But by 2025 it had become the second most affected industry, according to the CyberCX 2025 Threat Report.
The nature of the threat itself has also shifted over the past two years. Where malicious insiders once topped the list of data security concerns external attackers – particularly hacktivists and nation-state actors – now dominate the threat horizon. Meanwhile, phishing attacks have surged to become the second most common attack method, overtaking ransomware in 2025.�
One significant vulnerability stems from the industry’s continued reliance on manual processes, particularly in client engagement and settlement procedures. These processes create multiple touchpoints where sensitive information can be intercepted or compromised.
�“Cyber risk is amplified by manual processes still in use across lending and settlement of home loans,” says Pannek. Many brokers still rely on methods such as screen scraping or emailed bank statements to access clients’ financial data – practices that security experts consider high risk.
�The solution lies partly in embracing secure digital alternatives. Open �
“The opportunity lies in turning cybersecurity into a point of trust,” says Buchanan. “Clients want assurance that their personal and financial information is safe. By demonstrating strong cyber practices, brokers can differentiate themselves and strengthen their relationships with clients.”
Brokers can also play an educational role, Pannek notes. “Brokers play a role in helping their clients be cyber aware. They can help clients navigate the digital landscape safely – explaining secure processes, the value of consent, and practical steps to protect personal information,” she says.
�This approach requires brokers to move beyond basic security �
2021
Top data threat actors
banking, for instance, provides government-regulated, consent-driven access to client financial information without the security risks associated with older methods.
“Open banking provides brokers a safe and efficient way to access client financial data as trusted advisers, without relying on riskier methods like screen scraping or emailed bank statements,” says Pannek. “The government has announced it will seek to ban screen scraping. We need to embrace open banking solutions and do so quickly.”
For lenders like SFG, protecting client data requires a multilayered approach that begins with robust internal systems and extends to broker partnerships.
�“At Specialist Finance Group, safeguarding customer data is non-negotiable,” says Buchanan. “Our platforms are built with layered security protocols, including encryption, multi-factor authentication and strict access controls. Internally, we’ve invested heavily in strengthening our own cyber posture, from regular penetration testing through to staff training and incident-response planning.”�
Specialist Finance Group (SFG) is a family-owned business that has been serving the broking community for more than 30 years. With a customer-centric model, SFG provides its members with the best possible systems, services and support to assist them in growing and improving their businesses. SFG’s unique model has seen rapid expansion in recent years that has consistently delivered results well above system.
Find out more
The Mortgage and Finance Association of Australia (MFAA) is the leading professional association for the mortgage and finance broking industry, with more than 16,000 members. Its membership spans stakeholders from across the industry, over 97% of whom are mortgage and finance brokers. The association also represents aggregators, lenders, mortgage managers, mortgage insurers and other suppliers to the industry. The MFAA’s purpose is to empower its members to prosper and thrive, ensuring Australians benefit from competition and choice. It supports its members and the industry through advocacy, education and promotion of the broker value proposition to consumers.
Find out more
“AI risks for small businesses must also be considered,” says Pannek. “These include the data security posture of the AI provider, protection of sensitive client information and awareness of how this is managed in solutions, as well as bias that may exist in AI tools.
�“Make sure you ask questions before you adopt AI in your business, and consider that free is often not the best solution. Also, what support and training do your team members need to support them as they navigate using AI?”
�From an attacker’s perspective, AI has proven to be an attractive tool that can be used for multiple malicious purposes – from helping hackers craft personalised and realistic phishing emails to developing highly adaptive malware that can learn and evade detection systems.
�Recent findings from Verizon Business’s 2025 Data Breach Investigations Report indicate that malicious use of AI has doubled in the past two years. And we’re only at the beginning. Cybersecurity solutions firm Check Point predicts that we will soon start seeing the next generation of phishing attacks, which will use AI to learn from real-time data and adapt to changing security measures, making detection even more challenging.�
“Cybercriminals and scammers are finding more sophisticated ways to both take advantage of technology and adapt as new security measures arise”
Anja Pannek,
MFAA
In Partnership with
The challenge is particularly acute for smaller broking operations, which often lack the resources and technical expertise of their larger counterparts. These businesses handle the same sensitive data but may rely on manual processes and legacy systems that create additional vulnerabilities.
�“Broker businesses recognise the importance of cyber resilience but, like many small businesses across Australia, they are often time-poor and/or lack the knowledge, skills or resources to implement effective safeguards,” says Pannek.
�Blake Buchanan, general manager at Specialist Finance Group, observes that cybersecurity maturity across the sector remains uneven. Larger aggregators typically invest more heavily in security infrastructure, while smaller independent brokers may struggle with budget constraints or technical knowledge gaps.
�“Cybersecurity maturity across the sector is mixed,” says Buchanan. “National aggregators and larger firms are generally further along the journey, often because we have dedicated resources and compliance structures. Smaller independent brokers, however, may face challenges due to limited budgets or technical expertise, or time constraints, even though they hold equally sensitive data.”�
“By demonstrating strong cyber practices, brokers can differentiate themselves and strengthen their relationships with clients”
Blake Buchanan,
Specialist Finance Group
Industry experts
Darren McLeod
Beyond Bank
Fernando Lemos
Bank Australia
Industry experts
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Bank Australia
Fernando Lemos
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Beyond Bank
Darren McLeod
Darren McLeod
Beyond Bank
Fernando Lemos
Bank Australia
Industry experts
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Bank Australia
Fernando Lemos
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Beyond Bank
Darren McLeod
Share
Share
Small business, big targets
Share
Blake Buchanan
Specialist Finance Group
Anja Pannek
MFAA
Anja Pannek is CEO of the Mortgage and Finance Association of Australia. She is an experienced leader in the financial services sector and has a proven track record of leading successful businesses within the third party channel, including aggregator businesses and mortgage distribution for major financial services firms. Pannek thrives in complex and uncertain environments, and through her vast experience in financial services she has an exceptionally strong understanding of the challenges and opportunities facing the Australian mortgage and finance broking industry.
MFAA
Anja Pannek
Blake Buchanan, general manager at Specialist Finance Group (SFG), is an expert in the broker channel with some 20 years’ experience in the finance industry, specialising in broking, lending and aggregation. Buchanan is known for his expertise and passion for the broker channel, along with his ability to deliver strong distribution results through systems, people, processes and partnerships.
Specialist Finance Group
Blake Buchanan
The manual-process problem
Published 27 Oct 2025
2022
2023
2024
2025
#1 Actor
#2 Actor
#3 Actor
Malicious
insiders
Human error
Human error
External attackers – hacktivists
External attackers – hacktivists
Human error
External attackers – hacktivists
External attackers – hacktivists
Human error
External attackers – nation-state actors
External attackers
External attackers – nation-state actors
External attackers – nation-state actors
Human error
External attackers – nation-state actors
Source: Thales 2025 Data Threat Report
Source: Morefield, ‘5 Cybersecurity Predictions for 2025’
Optimised attacks
Some examples of how AI can empower cybercriminals
Generative AI and machine learning technologies can help even inexperienced attackers create more sophisticated malware or scale their attacks to affect more targets
Data poisoning
A hacker can inject false, biased or corrupted data into an AI’s training datasets, causing the AI to produce inaccurate results and reduce performance
Model stealing
Attackers can replicate an AI model by querying it and observing outputs, effectively stealing the model without direct access to the original code or training data
AI in deepfakes
AI can create realistic fake videos or audio recordings that can be used to impersonate individuals or spread misinformation
Autonomous decision-making risks
Attackers can target or manipulate AI systems that make autonomous decisions, especially regarding critical infrastructure
Today’s cybercriminals employ increasingly sophisticated tactics that go beyond traditional malware attacks. They exploit human psychology through targeted phishing campaigns, manipulate supply chains and adapt quickly to new security measures.
“Cybercriminals and scammers are finding more sophisticated ways to both take advantage of technology and adapt as new security measures arise,” says Pannek.�
Sophisticated threats require smart defences
Rather than viewing cybersecurity as a cost centre, forward-thinking brokers are recognising its potential as a competitive advantage. Strong security practices can differentiate businesses and build deeper client relationships in an industry built on trust.�
Building trust through security
measures and embed cyber awareness into their daily operations. Simple questions can reveal significant vulnerabilities: How secure are remote work arrangements? Are client data storage practices compliant with Australian regulations? How cybersecure are key business partners and suppliers?
The rapid adoption of artificial intelligence in lending introduces both opportunities and risks. While AI can streamline processes and enhance customer experiences, it also creates new attack vectors and potential points of failure.
�“AI offers enormous potential – faster credit assessments, smarter back-office efficiencies and streamlined compliance,” says Buchanan. “But it also introduces new risks, particularly around data integrity, communication advice, algorithm bias and the handling of large datasets that may be sensitive.”
�The key to managing these risks lies in responsible implementation. AI systems require thorough testing, transparent operation and human oversight for critical decisions.�
The AI challenge
Industry leaders emphasise that cybersecurity cannot be treated as an individual business concern. The interconnected nature of mortgage lending means that vulnerabilities in one part of the system can compromise the entire network.
�“Industry leaders and lenders need to bridge this gap by setting consistent standards, sharing knowledge and providing accessible tools for brokers of all sizes,” says Buchanan. “Collaboration across the sector is critical: the more we share intelligence and best practices, the stronger we all become.”
�This collaborative approach includes leveraging government resources such as the Cyber Wardens program and cyber.gov.au, which provide free tools and training specifically designed for small businesses.�
Collective defence strategy
The pace of change in cyber threats means that staying current requires continuous effort. Examples include the challenges posed as the use of devices connected to the internet increases, with estimates showing Internet of Things (IoT) devices are projected to exceed 32 billion globally by 2030. Cybersecurity firms are already issuing warnings about poor security standards and surveillance risks in some IoT devices that are manufactured and sold at the lowest possible cost and with negligible security measures, leaving many open to exploitation by criminals.
�While cheap, imported devices are attractive to cost-conscious businesses, it’s not widely understood that their use may effectively bring foreign surveillance tools into the Australian mortgage broking sector. To mitigate these risks, brokers must stay informed, participate in training and seek guidance from trusted sources such as the ACSC.
�“Staying ahead requires a continuous effort,” says Buchanan. “Brokers and lenders should be engaging with industry associations, attending cyber-awareness training and subscribing to threat intelligence updates from trusted government sources.”
�Industry groups such as the MFAA support this effort through ongoing education programs and resources, including specialised guides for handling scam incidents and practical tools for assessing cyber resilience.
�“One of the key focus areas at the MFAA is building brokers’ cyber resilience through ongoing awareness and education,” says Pannek.
�The challenge for brokers lies in embracing digital tools that enhance client service while maintaining security standards. The most successful firms embed security considerations from the earliest stages of any digital project.
�“Innovation and security must go hand in hand; it’s not a choice between one or the other,” says Buchanan. “The best organisations embed cyber considerations from the very start of any digital project, rather than bolting them on afterwards.”�
Staying ahead of threats
Companies
People
Newsletter
About us
Authors
Privacy Policy
Conditions of Use
Terms & Conditions
Contact Us
Sitemap
RSS
Copyright © 1996-2025 KM Business Information Australia Pty Ltd.
Resources
TV
News
Specialty
Best in Mortgage
Mortgage Industry
US
CA
AU
NZ
UK
Companies
People
Newsletter
About us
Authors
Privacy Policy
Conditions of Use
Terms & Conditions
Contact Us
Sitemap
RSS
Copyright © 1996-2025 KM Business Information Australia Pty Ltd.
News
MORTGAGE INDUSTRY
BEST IN MORTGAGE
SPECIALTY
TV
Resources
US
CA
AU
NZ
UK
Companies
People
Newsletter
About us
Authors
Privacy Policy
Conditions of Use
Terms & Conditions
Contact Us
Sitemap
RSS
Copyright © 1996-2025 KM Business Information Australia Pty Ltd.
News
MORTGAGE INDUSTRY
BEST IN MORTGAGE
SPECIALTY
TV
Resources
US
CA
AU
NZ
UK