This page is for intermediary use only. If you're not an intermediary, please
return to our customer website
This page is for intermediary use only. If you're not an intermediary, please
return to our customer website
Cybercrime is becoming more sophisticated and, without robust processes in place, brokers could be in the firing line.
In our November Get More with Aldermore session, we brought together three experts to help brokers understand cyber risk and how you can protect against it.
AI, deepfakes, supply-chain breaches and social-engineering attacks are now part of everyday business in the cybercrime world, as it evolves at super speed. Unfortunately, brokers hold exactly the kind of sensitive client data that criminals want.
Aldermore’s cyber lead, Kirsty Fish, broker Kirsty Dudek from Lavender Mortgages and Sion Cleaver, security operations analyst at Aldermore, each brought a different perspective to this month’s discussion. They explored how threats are changing, the real-world impact of a cyber-attack, and the simple, practical habits you can adopt to strengthen security across your business.
Here’s what you need to know.
Kirsty Fish opened the session by explaining that cyber threats are increasing, and “even a single weak link, one compromised account or a mistake on a personal device, can have a ripple effect across an entire network.”
Most organisations remain vulnerable and breaches often start with simple human behaviours rather than advanced technical flaws. “Cyber security isn’t just about technology, it’s about trust”, explained Kirsty.
AI is also changing the game, allowing criminals to create convincing fake emails, clone voices and generate documents that look identical to those from lenders or colleagues. “A fake voice message from your boss isn’t science fiction anymore,” warned Kirsty. “It’s a reality.”
Kirsty also emphasised third-party risk, noting that brokers depend on, and work with, many external providers. “If one of them is compromised, you can feel the impact even when your own systems are clean,” she said, noting recent cases, such as the Harrods supplier breach and leaked HMRC passwords.
She also highlighted the growing regulatory pressure around operational resilience. The Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) are making cyber hygiene a requirement, with brokers expected to show you have strong controls, clear reporting pathways and basic protections in place.
However, this doesn’t have to be complicated or costly.
“Small actions across the whole team make the biggest difference,” she said.
Next, broker Kirsty Dudek, from Lavender Mortgages, shared her first-hand experience of a cyber-attack. Her business was breached by a simple error (one of her self-employed brokers allowed their son to use their laptop, who clicked what turned out to be a link from criminals).
Despite having done everything right, hiring IT specialists and checking all brokers’ laptops, human error still allowed the breach to happen.
She described the “horrendous” experience as leaving her feeling lost and unable to sleep properly for weeks as she “thought it was going to be a career ender.”
It was followed by weeks of worry, hundreds of calls, identity checks and emails, alongside the pressure of managing clients, lenders, the IT firm, the network and the Information Commissioner’s Office.
What struck Kirsty most was the loss of control: being temporarily suspended from some lenders’ panels, individually emailing almost a thousand clients, and managing reputational concerns with her introducers. Her firm lost around five months of business and incurred high costs.
Her experience offered clear lessons for brokers, from the need to take cybercrime seriously to staying up to date with the ever-changing threat. Kirsty added that it’s important that brokers slow down and check best practice.
Finally, Sion Cleaver explained the broader context of how the cyber threat is shifting.
He said that AI is making attacks more personalised, allowing criminals to create realistic video messages with minimal effort, and supply-chain attacks are rising.
He also touched on longer-term emerging risks, including criminals potentially manipulating medical devices such as pacemakers or diabetes trackers, harvesting biometric data from smartwatches and wearables, and interfering with driverless vehicles, signalling systems or wider infrastructure.
These terrifying scenarios may feel distant from your day-to-day work, but they illustrate how attacks are becoming more blended, more physical and harder to detect.
His message to brokers was simple: it’s everyone’s job to get the fundamentals right and build resilience.
Cyber threats continue to evolve, but the strongest protection still comes from small, consistent habits, vigilance and awareness of the risks. Brokers can’t eliminate every threat, but you can take clear, practical steps to put your businesses in a stronger position. Aldermore will continue providing guidance and insights to help you stay confident and secure.
IF YOUR CLIENT FAILS TO KEEP UP PAYMENTS ON THEIR MORTGAGE THEIR PROPERTY MAY BE REPOSSESSED.