iscover 
The Mortgage and Finance Association of Australia (MFAA) has urged brokers to bolster their cyber security arrangements, following a call to action from the Australian Securities and Investment Commission (ASIC) regarding emerging tech threats.
Speaking to The Adviser, MFAA CEO Anja Pannek said the regulator’s recent open letter to the industry was a clear indication that cyber risk was no longer hypothetical.
“The message for brokers is practical and immediate. This is not about panic or overcomplication. It is about urgency, discipline and getting the basics right,” she said
“Every broker should be actively reviewing their cyber resilience. That means understanding where the risks are in their business, protecting client data, reviewing access controls, keeping systems updated, preparing for incidents and making sure cyber security is not treated as a set and forget exercise.
“There was a time when keeping your business secure meant locking the front door at the end of the day. Today, cyber security requires the same everyday business discipline. Brokers hold sensitive client information and operate in a trusted environment, so protecting that information must be part of how every business is run.”
Actionable steps
In a communication to brokers, the MFAA outlined several strategies brokers can take to improve their security posture, even without a large team or big budget.
These steps include:
- Enabling multi-factor authentication on all business and personal accounts.
- Using unique passwords across all platforms and updating them regularly.
- Keeping software, apps, and devices up to date.
- Staying alert to phishing emails, suspicious links, and unexpected file downloads.
- Avoiding saving work account information on personal devices or browser autofill.
The industry body also encouraged brokers to access Cyber Wardens, an online learning program that provides guidance for brokers looking to strengthen their cyber resilience, accessible through the MFAA member portal.
“For brokers, that does not mean needing to become IT specialists. It means taking practical, proportionate steps to protect clients, protect data and protect the long-term resilience of their business,” Pannek added.
“The MFAA continues to support members through cyber security training and practical education. We strongly encourage all members to complete Cyber Wardens, a federal government and COSBOA program designed specifically to help small businesses build cyber resilience, available through the MFAA member portal.
“Cyber Wardens has been built for business owners, not IT specialists. Brokers do not need a large team or a technical background to get real value from it. The guidance is straightforward, the steps are actionable, and every broker should be taking advantage of it.”
Changing threat landscape
Earlier in May, ASIC commissioner Simone Constant wrote to Australian Financial Services (AFS) licensees and directors, warning of a “significant shift” in the cyber threat landscape.
These emerging threats have been driven largely by the rapid evolution of artificial intelligence (AI), according to the regulator, lowering the barrier to sophisticated cyber activity.
For licensees, this means emerging attacks may come with increased speed and scale while also enabling “new forms of exploitation”.
Constant warned existing controls are likely to come under greater pressures, describing the threat as a risk requiring the imminent attention of boards and executives.
“ASIC’s message is straightforward: do not wait for perfect clarity to address the threat posed by new AI models. Instead, act now, and act with discipline, to strengthen the cyber resilience fundamentals that underpin your business,” she wrote.
“We are not calling for panic or reactive overreach. But we are calling for urgency, focus and accountability.”
The commissioner also said that while new AI models represent a “step-change in capability”, they do not change the fundamentals of cyber resilience.
“They reinforce the importance of strong, end-to-end preparedness,” she added.
“Entities that have established robust plans across the full cyber incident life cycle and keep those plans current, tested and embedded, will be better placed to manage the accelerating threats posed by frontier AI.”
‘A minute to midnight’
As reported by Broker Daily sister brand The Adviser, Constant said isolated incidents can quickly lead to a system-wide domino effect in this new world of cyber threats.
“Entities need to have robust incident response plans. Whether an entity faces a basic phishing attempt or a more sophisticated cyber attack, the underlying cyber risk management principles of govern, protect, detect, respond remain the same,” she said.
This threat landscape makes robust defences critical, according to the commissioner.
“Appropriate cyber risk management starts at the leadership of licensees and participants. Boards and executives must ensure systems are tested, weaknesses are addressed early, and that action is taken before threats can be exploited,” she said.
“The clock is at a minute to midnight – if you aren’t on top of your cyber resilience already, the time to act and prepare is right now.”
[Related: ASIC calls for urgent cyber uplift amid AI threats]
Want to see more stories from trusted news sources?Make Broker Daily a preferred news source on Google.