The mortgage market should be doing much more to keep itself and customers safe from cyber risks, according to a panel of top industry experts.
Speaking at an information security and cyber risk event at the Mortgage Strategy 2025 MIT Live event in London, one roundtable attendee said: “We have customers targeted by gangs, it can be a nightmare. A lot of clients can lose personal data including passports and bank account details.
“We face threats all the way from teenagers in their bedroom to nation state cyber attacks. We can assume some of them will get through.”
The roundtable was held under the Chatham House rule, which keeps speakers and their firms anonymous.
Another panellist said they had seen cases where customers lost control of their bank accounts, which were then used to make payments to fraudsters, losing all their money in the process.
Another recounted an example where a broker had a serious IT breach because their child had logged onto their work computer to play games.
To help the mortgage market fight against fraud, one senior mortgage executive said that all work devices need to be kept up to date with any security updates.
This is good practice, not least because many scammers deliberately probe financial firms for perceived weaknesses, such as the latest firewall update not being installed.
Making backups of customer information, and storing this in a secure location, can also help mitigate against any data breaches, one attendee added.
Phishing attacks, where fraudsters attempt to lure victims into giving details or money willingly, make up 80% of attacks and has been reported by 85% of companies, one panellist said.
They added: “Get your customers used to the idea, that they are always thinking about phishing. Increasingly, gangs are not breaking in, they are just logging in.”
Another attendee said: “A password is no longer enough. You have to have a second layer of security, such as 2FA or MFA. It should never be possible to log into any system with just a password.”
