Australian financial services firms, including mortgage brokers, are under pressure to review their cyber resilience as a matter of urgency after ASIC warned that frontier artificial intelligence has pushed cyber risk into a “new era” for financial services.
The regulator’s latest media release, supported by an open letter, says that advanced AI tools now allow attackers to probe weaknesses at unprecedented speed and scale, raising the stakes for any broker that handles sensitive client data.
For brokers advising first-home buyers and property investors, a successful cyberattack can disrupt settlements, compromise identification documents, and erode trust at the critical stage of a borrowing capacity assessment.
That risk is rising just as research from aggregator Connective shows brokers are leaning into AI without always having the right guardrails. Its AI Readiness in Australian Broking Report finds most brokers expect AI to be essential or helpful to their businesses over the next two years, yet many still lack a clear strategy or governance framework for how it is used. Industry coverage has also highlighted how technology is reshaping the mortgage profession, with digital tools changing how brokers work and how clients expect to engage.
ASIC Commissioner Simone Constant (pictured) cautioned that “the clock is at a minute to midnight – if you aren’t on top of your cyber resilience already, the time to act and prepare is right now.”
ASIC’s open letter highlights that frontier AI models lower the barrier to sophisticated cyber activity, increasing the speed and reach of attacks rather than creating entirely new categories of risk. Existing controls are simply being tested more often and under greater pressure.
The regulator’s message to licensees – including aggregators and larger brokerage groups – is clear: “do not wait for perfect clarity to address the threat posed by new AI models. Instead, act now, and act with discipline, to strengthen the cyber resilience fundamentals that underpin your business.”
That means reassessing cyber plans, identifying and protecting critical systems such as CRM platforms and loan origination tools, tightening user access, patching quickly, and assuming breach in system design. For brokers, this extends to third‑party providers, from document collection apps to cloud-based servicing calculators used to model repayments and mortgage rates.
ASIC’s open letter stresses that cyber resilience is a core licensing obligation, not an IT afterthought.
Boards and responsible managers must be able to demonstrate effective controls through testing, audit findings and lessons from incidents, not just high-level reporting.
“We are not calling for panic or reactive overreach. But we are calling for urgency, focus, and accountability,” Constant wrote.
Financial services firms are encouraged to draw on existing guidance and to exercise incident response plans so that any attack can be contained, critical client services restored quickly, and long-term relationships with borrowers protected.
Get the hottest and freshest property and mortgage news delivered right into your inbox. Subscribe now to our FREE daily newsletter.
