
Why hackers target brokers and how to fight back, with Lendi Cyber Chief Simon Ellis

Hackers like targets that maximise gain for minimal effort. This often means businesses in the healthcare sector, education and, of course, financial organisations. As a result, brokers, particularly self-employed brokers, are a prime target for cyber activity. Cyber Daily sat down with Simon Ellis, Head of Cyber Security at Lendi Group, to discuss what threats brokers are facing and what can be done to mitigate them.

Daniel Croft, Simon Ellis, Head of Cyber Security at Lendi Group. Wed, 14 Jan 2026

The finance industry holds tremendous amounts of sensitive data that can mean major financial gain for threat actors.

When it comes to self-employed brokers, this becomes an even greater issue, as many lack the resources and knowledge needed to curb cyber attacks and malicious digital activity.

With such a large target on their heads, it's important that brokers know what to look out for, how to avoid cyber incidents, how to mitigate attacks and how to respond appropriately.

 
 

To outline the threats facing brokers and how they can take charge in the fight against cyber criminals, Cyber Daily sat down with Simon Ellis, Head of Cyber Security at Lendi Group.

Why would a threat actor go after brokers or brokerages?

From our perspective, brokers are attractive targets for two simple reasons – the value of the information they handle, and where they sit in the financial transaction chain.

Brokers deal with identity documents, financial records, bank details and settlement instructions every day. That mix is useful to criminals – it can be used for fraud, sold on the dark web, or used to redirect legitimate payments.

And the work happens across a connected ecosystem: email, third-party platforms, lender portals, plus hand-offs between brokers, conveyancers, lenders and lawyers. With lots of players involved, there’s more room for confusion, and that’s what attackers try to exploit.

We’ve detected and blocked cases where a hacker injected themselves into email threads with messages like “congratulations on your loan, pay your deposit to <fake bank>.” If that succeeds, the money is often gone quickly through interbank flows and hard to recover.

What are the most prominent cyber threats faced by brokers or brokerages?

What we see most often isn’t exotic. It’s the stuff that works well in busy environments and gets results for attackers.

  • Phishing and business email compromise (BEC): this is still the easiest way to trick someone into changing payment instructions, or sharing something they shouldn’t.

  • Ransomware and extortion: it’s disruptive, it encrypts data, and it now often comes with extortion tactics that make recovery harder and more costly. New reporting obligations for ransom payments are also changing how organisations have to respond.

  • Account takeover and credential abuse: reused or weak credentials give attackers a foothold, then they can move into other areas.

What are some early warning signs brokers should never ignore?

A broker should be sceptical when receiving emails that do not make sense in relation to the client scenario they’re working on, seem overly urgent or attempt to convince customers to urgently transact a payment. These are commonly signs that one of the players in a broking transaction (customer, lawyer, conveyancer) has had their email account compromised.

More generally, brokers should trust their own instincts. If you receive notification that your password has been reset, and yet you can't recall doing such, then this is a serious early warning... Don't presume this is a tech issue, the notification is telling you something is wrong and needs your attention.

What are the greatest mistakes brokers make in regard to cyber security?

I’m cautious about calling them mistakes. What we usually see are common gaps that show up across a lot of small and mid-sized businesses, and they’re fixable.

  • Poor identity hygiene: things like shared logins, no multi-factor authentication, or using personal email for business work. Strong identity controls cut off a huge chunk of the common attacks.

  • No tested backups or recovery plan: backups matter but being able to restore under pressure matters more. If you can’t prove you can restore, ransomware becomes a much bigger problem.

  • Ignoring third parties and shadow IT: unapproved apps and vendor integrations multiply exposure and make incidents harder to contain.

  • Training and reporting not treated as “business as usual”: people will click sometimes, especially when they’re rushed or unsure. What changes outcomes is making it normal to report quickly, without blame, and having a clear process for what happens next.

What kind of impacts can self-employed brokers face in the fallout of a cyber incident?

For a self-employed broker, the fallout can feel really personal, because there isn’t a big team behind you to absorb the shock.

There can be direct financial loss – fraud, payment redirection, remediation costs, and the time you lose while you’re dealing with it. Operational disruption is often the toughest part day to day, because clients and settlements don’t pause just because your systems are down.

There’s also the trust piece. Even if you handle it well, it can be stressful having to explain what happened, reassure clients, and work through any reporting obligations. And then there’s the personal burden – the time, the admin, the legal advice, and the stress tends to land on the owner.

The point I try to make here is small doesn’t mean low risk.

What are some simple effective solutions self-employed brokers can adopt now to be more prepared for cyber attacks?

If you’re starting from scratch, I’d focus on the basics that remove the most common pathways for attackers.

Immediate, high-impact steps:

  • Turn on multi-factor authentication everywhere.

  • Use business-grade email with spam and phishing protection and proper admin controls, rather than personal accounts.

  • Keep operating systems up to date. Ideally, set your operating system to auto-update so that you’re not having to worry about it. Don’t ignore the reminders!

  • Put in place a simple payment-verification process so changes to payment instructions always get confirmed. Tell customers to be engaged and double check payments every time with a phone call. This really makes a broker valuable, as a checkpoint for their customer on security, not just a facilitator of a loan.

  • Use a reputable password manager and unique passwords for each service.

What cyber trends has Lendi observed in the last 12 months? (this could be in regards to AI in cyber security/attacks or other trends regarding targeting and cyber defence, go nuts with this one.)

A few things have stood out for us.

First, ransomware and extortion keeps maturing. In my opinion, it’s become less about “can we prevent every incident” and more about “can we restore fast and keep the business running”. That’s why we put so much emphasis on playbooks, restoration runbooks and executive tabletop exercises.

Second, AI is raising the stakes on both sides. Attackers are using AI to craft more believable phishing and automate scams at scale. Defenders are also leaning into more automation, including agentic approaches to monitoring and response. Our Lendi Guardian work shows how agentic AI can add customer value, but it does mean you have to be deliberate about what you secure and how you govern it.

Third, supply chain and partner risk is front of mind. A third-party compromise can ripple through a distribution network, so partner resilience is becoming part of what “good” looks like in cyber.

And finally, mobile and app weaknesses are getting more attention from attackers. Session tokens, cookies and local storage can be an easy win for criminals if they’re not handled properly.

What is Lendi doing to combat cyber threats?

We’re taking a practical, layered approach, and our team is constantly thinking about two things at the same time – lowering everyday risk, and being ready to recover quickly if something still gets through.

We’ve been hardening identity and devices across the business, including moving to modern operating systems and lifting device posture. We’ve also tightened detection and incident response so suspicious communications get escalated quickly, including mailbox pull-backs and a more unified incident process.

We put a lot of focus into assurance too. We act on pen-test findings, push managed device posture via Intune, and deliver time-bound Cyber+Infra support where it helps partners reach a secure baseline.

On top of that, we’ve strengthened policy, capability and playbooks. That includes acceptable-use and identity policies, a FY25 strategy focused on SOC detection, identity, resilience and governance, plus ransomware playbooks and restoration runbooks that we test in tabletops.

We’re also providing practical support for brokers through pilots, imaging and onboarding via vendors, and targeted Cyber+Infra support. In our view, improving partner security protects customers and helps the whole ecosystem work more smoothly.

And we’re investing in AI as well. We’re building an Agentic SOC so we can operate 24×7 and respond quickly, with human involvement only when it’s genuinely needed.


